Sophie

Sophie

distrib > Mandriva > 2006.0 > x86_64 > by-pkgid > b8f4049de69feba5041d49ed4382e582 > files > 124

postgresql-docs-8.0.11-0.1.20060mdk.x86_64.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Encryption Options</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 8.0.11 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Server Run-time Environment"
HREF="runtime.html"><LINK
REL="PREVIOUS"
TITLE="Shutting Down the Server"
HREF="postmaster-shutdown.html"><LINK
REL="NEXT"
TITLE="Secure TCP/IP Connections with SSL"
HREF="ssl-tcp.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2007-02-02T03:57:22"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
>PostgreSQL 8.0.11 Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="postmaster-shutdown.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="runtime.html"
>Fast Backward</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Chapter 16. Server Run-time Environment</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="runtime.html"
>Fast Forward</A
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="ssl-tcp.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="ENCRYPTION-OPTIONS"
>16.7. Encryption Options</A
></H1
><A
NAME="AEN19359"
></A
><P
>   <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
> offers encryption at several
   levels, and provides flexibility in protecting data from disclosure
   due to database server theft, unscrupulous administrators, and
   insecure networks. Encryption might also be required by government
   regulation, for example, for medical records or financial
   transactions.
  </P
><P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Password Storage Encryption</DT
><DD
><P
>     By default, database user passwords are stored as MD5 hashes, so
     the administrator can not determine the actual password assigned
     to the user. If MD5 encryption is used for client authentication,
     the unencrypted password is never even temporarily present on the
     server because the client MD5 encrypts it before being sent across
     the network. MD5 is a one-way encryption --- there is no
     decryption algorithm.
    </P
></DD
><DT
>Encryption For Specific Columns</DT
><DD
><P
>     The <TT
CLASS="FILENAME"
>/contrib</TT
> function library
     <CODE
CLASS="FUNCTION"
>pgcrypto</CODE
> allows certain fields to be stored
     encrypted. This is useful if only some of the data is sensitive.
     The client supplies the decryption key and the data is decrypted
     on the server and then sent to the client.
    </P
><P
>     The decrypted data and the decryption key are present on the
     server for a brief time while it is being decrypted and
     communicated between the client and server. This presents a brief
     moment where the data and keys can be intercepted by someone with
     complete access to the database server, such as the system
     administrator.
    </P
></DD
><DT
>Data Partition Encryption</DT
><DD
><P
>     On Linux, encryption can be layered on top of a filesystem mount
     using a <SPAN
CLASS="QUOTE"
>"loopback device"</SPAN
>. This allows an entire
     filesystem partition be encrypted on disk, and decrypted by the
     operating system. On FreeBSD, the equivalent facility is called
     GEOM Based Disk Encryption, or <ACRONYM
CLASS="ACRONYM"
>gbde</ACRONYM
>.
    </P
><P
>     This mechanism prevents unecrypted data from being read from the
     drives if the drives or the entire computer is stolen. This
     mechanism does nothing to protect against attacks while the
     filesystem is mounted, because when mounted, the operating system
     provides a unencrypted view of the data. However, to mount the
     filesystem, you need some way for the encryption key to be passed
     to the operating system, and sometimes the key is stored somewhere
     on the host that mounts the disk.
    </P
></DD
><DT
>Encrypting Passwords Across A Network</DT
><DD
><P
>      The <TT
CLASS="LITERAL"
>MD5</TT
> authentication method double-encrypts the
      password on the client before sending it to the server. It first
      MD5 encrypts it based on the user name, and then encrypts it
      based on a random salt sent by the server when the database
      connection was made. It is this double-encrypted value that is
      sent over the network to the server. Double-encryption not only
      prevents the password from being discovered, it also prevents
      another connection from replaying the same double-encryption
      value in a later connection.
     </P
></DD
><DT
>Encrypting Data Across A Network</DT
><DD
><P
>      SSL connections encrypt all data sent across the network: the
      password, the queries, and the data returned. The
      <TT
CLASS="FILENAME"
>pg_hba.conf</TT
> file allows administrators to specify
      which hosts can use non-encrypted connections (<TT
CLASS="LITERAL"
>host</TT
>)
      and which require SSL-encrypted connections
      (<TT
CLASS="LITERAL"
>hostssl</TT
>). Also, clients can specify that they
      connect to servers only via SSL. <SPAN
CLASS="APPLICATION"
>Stunnel</SPAN
> or
      <SPAN
CLASS="APPLICATION"
>SSH</SPAN
> can also be used to encrypt transmissions.
     </P
></DD
><DT
>SSL Host Authentication</DT
><DD
><P
> 
     It is possible for both the client and server to provide SSL keys
     or certificates to each other. It takes some extra configuration
     on each side, but this provides stronger verification of identity
     than the mere use of passwords. It prevent a computer from
     pretending to be the server just long enough to read the password
     send by the client. It also helps prevent 'man in the middle"
     attacks where a computer between the client and server pretends to
     be the server and reads and passes all data between the client and
     server.
    </P
></DD
><DT
>Client-Side Encryption</DT
><DD
><P
>     If the system administrator can not be trusted, it is necessary
     for the client to encrypt the data; this way, unencrypted data
     never appears on the database server. Data is encrypted on the
     client before being sent to the server, and database results have
     to be decrypted on the client before being used. Peter Wayner's
     book, [<SPAN
CLASS="CITATION"
>Translucent Databases</SPAN
>], discusses how to
     do this in considerable detail.
    </P
></DD
></DL
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="postmaster-shutdown.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="ssl-tcp.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Shutting Down the Server</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="runtime.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Secure TCP/IP Connections with SSL</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional