Subject Re: Does the database 'need' encryption?
Author ettotev
--- In, Lester Caine <lester@...> wrote:
> Just as a little sanity check here ...
> The situation of data being stored on a laptop or even a desktop machine and
> lost may be a case for encrypting the data, but it has become common practice
> NOT to allow the data to be retained on portable devices? With good quality
> wireless/mobile connections, the relevant data can be displayed on a remote
> machine, but it is simply stored in a secure environment, and all access TO the
> data is logged and restricted as required?
> So this does beg the question as to the need to spend a lot of time reinventing
> the wheel, when in reality if the data is so sensitive as to need encryption,
> then it is the paths to the data that need to be securely managed, rather than
> simply the data itself?

It seems every time the "database encryption" question shows up, it gets quickly drowned into complicated discussions about what real security is and how many different aspects have to be considered.

Let's not mix different things:

-- First and simplest, there is an application using embedded and I want to password-protect my database so that if anyone gets hold of the file they will not be able to read MY data without knowing the password or investing time and qualified effort in breaking the encryption.

-- Another reasonable requirement that is absolutely unrelated: I want to create encrypted protected backups of my database. This is valid also for full server deployments.

-- Also completely unrelated: I don't want anyone to be able to see my data while in transit on the network - either LAN or the internet. Part of this - I want to be sure that I'm connecting to my server and not to someone pretending to be.

-- Another one, also unrelated and much more complicated - I would want to be sure that no one is able to get to my data even if they break into my server - that's about encrypting temporary storage, protecting from in-memory attacks, clearing swap space and many more things that I confess I don't understand ;-)

So please let's try to keep things separated. A page-level encryption API is requested and though some believe it is not needed, most agree that it is possible and not too complicated. Then when the first encryption plug-ins appear, we may start another round of discussions on their merits and flaws.

The fact that many of you don't have requirements for encrypted database files or secure encrypted network protocol does not mean that anyone who require these simply do not know what they want.
Of course, all these problems can be solved using additional tools, but then we could also keep our data in text files and not bother with a DBMS...

And last but not least - most competing products already have these features.