Mais conteúdo relacionado
Semelhante a DB vs. encryption (20)
Mais de Tomas Vondra (19)
DB vs. encryption
- 6. full-disk encryption
● data-at-rest protection (theft of device)
● SQL injection
● filesystem-level access
● evil DBA
pgcrypto
● data-in-flight protection
● easy to leak key into logs / monitoring systems
- 10. can't compare / hash values
=> no indexing, aggregation, ...
(a lot of processing moves to app)
- 18. host B
TrustZone / SGX
HSM / usbarmory
application
(encrypt + decrypt)
database
● CREATE INDEX
● GROUP BY
● WHERE
crypto
(compare)
host A
IPC