Posted by Christopher Browne on 12/11/05 03:04

> Christopher Browne (cbbrowne@acm.org) writes:
>> Unfortunately, that means that you have to trust the database
>> engine with the cryptographic keys.
>>
>> That means the DB engine is free to do whatever it likes with them,
>> which is an inherent, vast, gaping security hole.
>
> Eh? The DB engine does not have a mind of its own. Of course, any
> piece of software can be spyware that leaks secrets behind your
> backs, but if you are that paranoid, you should not use computers at
> all.
>
> Or could you care to elaborate what you actually mean?

If risk to be mitigated is that you do not wish to trust the system
administrators with the data, then you must not give the keys to any
component that system administrators can control.

That obviously includes the database engine.
--
output = ("cbbrowne" "@" "ntlug.org")
http://linuxdatabases.info/info/lsf.html
Rules of the Evil Overlord #114. "I will never accept a challenge from
the hero." <http://www.eviloverlord.com/>

[Back to original message]