在 Postgres 中存储加密数据 [英] Storing encrypted data in Postgres

问题描述

我需要在 Postgres 中以加密形式存储某些数据.显然，我需要对其进行加密、存储，并且能够读取和解密它.这样做的最佳方法是什么?

I have a requirement to store certain data in an encrypted form in Postgres. Obviously, I need to encrypt it, store it, and be able to read and decrypt it. What is the best way to do this?

推荐答案

最好的 方法是在客户端或应用服务器上进行加密，因此数据库不知道密钥是什么以及无法解密数据.如果客户端/应用服务器在不同的主机上，那就更好了.

The best way is to do the crypto on the client or application server, so the database has no idea what the keys are and cannot decrypt the data. If the client / appserver are on a different host, all the better.

如果您的数据库正在为您加密和解密数据，那么密钥很容易与数据库一起被盗.

If your database is encrypting and decrypting the data for you, then it's vulnerable to having the keys stolen along with the database.

如果您使用 pgcrypto 的数据库内加密函数，您可以让应用程序将密钥与数据一起发送，这至少有些帮助.但是，如果有用的系统管理员打开积极的语句日志记录或自动计划转储，它仍然存在将密钥暴露在日志中的风险，并且最终如果密钥进入数据库机器，它们比没有的情况下更容易受到攻击.控制数据库机器的攻击者还可以更改日志设置、替换 postgresql 二进制文件或嗅探流量以通过这种方式捕获密钥和数据.

If you use pgcrypto's in-database crypto functions you can have the application send the key along with the data, which is at least somewhat helpful. It still risks having the keys exposed in the logs if a helpful sysadmin turns on aggressive statement logging or automatic plan dumping, though, and in the end if the keys are going to the database machine they're more vulnerable than if they're not. An attacker who takes control of the database machine can also change log settings, replace the postgresql binaries, or sniff traffic to capture keys and data this way.

如果 appserver 和 db 在同一台机器上并由相同的角色管理，那么担心隔离它们就没有什么意义了，只使用 pgcrypto 可能是明智的.

If the appserver and db are on the same machine and managed by the same role(s) there's less point worrying about isolating them, and it may be sensible to just use pgcrypto.

不管怎样，记得加盐！

这篇关于在 Postgres 中存储加密数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！