在Postgres中存储加密数据 [英] Storing encrypted data in Postgres

问题描述

我需要以Postgres的加密形式存储某些数据。显然，我需要加密它，存储它，并能够读取和解密它。这样做最好的方法是什么？

I have a requirement to store certain data in an encrypted form in Postgres. Obviously, I need to encrypt it, store it, and be able to read and decrypt it. What is the best way to do this?

推荐答案

最好的方式是做加密客户端或应用程序服务器，所以数据库不知道密钥是什么，无法解密数据。如果客户端/应用服务器在不同的主机上，一切都会更好。

The best way is to do the crypto on the client or application server, so the database has no idea what the keys are and cannot decrypt the data. If the client / appserver are on a different host, all the better.

如果您的数据库正在为您加密和解密数据，则很容易被盗用与数据库一起。

If your database is encrypting and decrypting the data for you, then it's vulnerable to having the keys stolen along with the database.

如果您使用pgcrypto的数据库内加密功能，您可以让应用程序与数据一起发送密钥，这至少有点帮助。尽管如果有用的sysadmin打开了积极的语句记录或自动计划转储，仍然有可能将密钥暴露在日志中，并且最终如果密钥进入数据库机器，那么它们比不存在。控制数据库机器的攻击者也可以更改日志设置，替换postgresql二进制文件，或以嗅探流量捕获密钥和数据。

If you use pgcrypto's in-database crypto functions you can have the application send the key along with the data, which is at least somewhat helpful. It still risks having the keys exposed in the logs if a helpful sysadmin turns on aggressive statement logging or automatic plan dumping, though, and in the end if the keys are going to the database machine they're more vulnerable than if they're not. An attacker who takes control of the database machine can also change log settings, replace the postgresql binaries, or sniff traffic to capture keys and data this way.

如果应用服务器和db在同一台机器上，由相同的角色进行管理，只需使用pgcrypto就可以很容易理解。可以使用pgcrypto来解决这个问题。

If the appserver and db are on the same machine and managed by the same role(s) there's less point worrying about isolating them, and it may be sensible to just use pgcrypto.

记得要盐！

这篇关于在Postgres中存储加密数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！