On Tuesday 09 May 2017 09:24:08 Antonis Christofides wrote:
> > and root seems (unsurprisingly) able to do anything desired with the
> > database.
> 
> He meant that root wouldn't be able to read the database if the
> database was encrypted. But, again, the question is whether root
> would have access to the encryption keys. If the django user has
> access to the encryption keys, root also does.

Defending against a targeted attack is extremely hard. It's also a minute
percentage of the attacks out there. A site may never see one as it's
simply not worth the effort.

By putting the encryption keys on a networked resource, you defend against
exploits that make everything they can see world-readable (which will go
unnoticed far more than it should and can have great payouts). Or for
example a compromised ftp daemon that can now hand you the file it normally
wouldn't.
The vast majority of security attacks are wide scans for known failures,
which try to create as much yield as possible with the least amount of
detection. This is because it takes time to follow-up on the success of
the hack.
For example, I've dealt with an exploit that infected all files with a
redirect - but - only when viewed on a mobile device. Not because it wanted
to infect mobile devices, but simply because it would go unnoticed much
longer, especially by the people that work with it daily.

> What I'm getting at is that the benefits of encrypting the database
> are questionable.

That can be said about any encryption, as everything can be decrypted given
enough time and resources - a fact that not enough people say out loud. The
assumption is that at the time it is decrypted the information is no longer
relevant.

> Maybe there is some edge case in which it would be
> useful.

It's useful for the majority of cases. Every hurdle - every deviation from
the defaults or commonly used conventions helps against those wide-targeted
scanners. Just look at your webserver logs how many of those fail just
because you didn't make phpMyAdmin available in one of the common aliases.
And think how many succeed because they run vanilla Ubuntu and never
actually made an effort to think about this stuff.

Now, there's even a totally different use case. Say, I want to make answers
to exams available, but only after the exam. Using time-lapse
cryptography[1], I can make the answers only available after a certain
time :).

Anyway - there's enough food for thought in here, so I'm out, unless the OP
explains his use case and needs more help.
-- 
Melvyn Sopacua

--------
[1] https://crypto.stackexchange.com/a/3072
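
Added example, not part of the original message: a small access-log review for the point above about scanners probing for phpMyAdmin under common aliases. It counts probes that failed versus probes that were actually answered, per client. The path fragments and the sample log lines are constructed assumptions; adjust them to your own site.

```python
import re
from collections import defaultdict

# Path fragments treated as phpMyAdmin probes (illustrative assumption).
PROBE = re.compile(r"/(phpmyadmin|pma|myadmin)\b", re.IGNORECASE)
# Common/combined log format: client, timestamp, request line, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [09/May/2017:09:01:11 +0200] "GET /phpmyadmin/index.php HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [09/May/2017:09:01:12 +0200] "GET /pma/ HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [09/May/2017:09:01:12 +0200] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 162 "-" "-"
198.51.100.23 - - [09/May/2017:09:05:40 +0200] "GET /myadmin/ HTTP/1.1" 200 5120 "-" "-"
192.0.2.10 - - [09/May/2017:09:06:02 +0200] "GET /polls/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
malformed line that the parser should skip
"""

def summarize_probes(log_text):
    """Return {client: {"failed": n, "served": n, "paths": set}} for probe requests."""
    report = defaultdict(lambda: {"failed": 0, "served": 0, "paths": set()})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        if not PROBE.search(path):
            continue
        entry = report[client]
        entry["paths"].add(path)
        # A 2xx/3xx status means something answered at a probed alias.
        entry["served" if status[0] in "23" else "failed"] += 1
    return dict(report)

def needs_review(report):
    """Clients whose probe got a non-error answer, i.e. the alias exists."""
    return sorted(ip for ip, e in report.items() if e["served"])

if __name__ == "__main__":
    rep = summarize_probes(SAMPLE_LOG)
    for ip, e in sorted(rep.items()):
        print(ip, "failed:", e["failed"], "served:", e["served"], sorted(e["paths"]))
    print("review:", needs_review(rep))
```
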
