SlideShare a Scribd company logo

PGEncryption_Tutorial

Download as PPTX, PDF
Vibhor Kumar
Vibhor Kumar
1 of 35
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 1 Locked Up: Advances in Postgres Data Encryption Vibhor Kumar
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 2 Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 3 Reasons for Encryption • Protect Sensitive information • Protect it from identity theft
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 4 Reasons for Encryption • Satisfy Parnoia • Comply with laws and Standards (SOX, HIPPA, PCI etc)
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 5 • Application • Database Encryption at different Layers
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 6 • Storage Encryption at different Layers
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 7 Encryption at Application
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 8 • Advantages: − Protect sensitive data and control access in a more fine- grained way than is possible with almost any other form of encryption − Performance Benefits − Manageability − Secure execution inside the Application • Challenges − Deciding which tool/class should be used for encryption − Wrong implementation will give issue Encryption at Application Level
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 9 Encryption at Database
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 10 • Pgcrypto − Extension in PostgreSQL − CREATE EXTENSION pgcrypto; − Encryption as database functions − Provides 38 functions − Client Independent Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 11 • Pgcrypto (Raw encryption) − encrypt(data bytea, key bytea, type text) returns bytea − decrypt(data bytea, key bytea, type text) returns bytea − encrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea − decrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea • Type: bf-cbc, aes-cbc, ... (ecb supported, but..testing only) • Operates on bytea, returns bytea • gen_random_bytes() can be used to create key Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 12 • Limitations of these functions − Functions use user key directly as cipher key. − don't provide any integrity checking, to see if the encrypted data was modified. − expect that users manage all encryption parameters themselves − don't handle text. Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 13 • Pgcrypto (PGP Encryption) • pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea • pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea • pgp_pub_encrypt(data text, psw text [, options text ]) returns bytea • pgp_pub_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea • Operates on text in plaintext, bytea in ciphertext − armor(), dearmor() • Takes gpg style options like ciper-algo=aes256 Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 14 • Pgcrypto (Hashing) − SELECT digest(txt, type) − Returns bytea, use encode() to get hex − Md5, sha1, sha<more> • SELECT encode( digest('lolcats!', 'sha256'), 'base64') Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 15 • Pgcrypto (Hashing) • SELECT crypt('secret', gen_salt('bf')) − Stores salt as part of hash − Autodetects algorithm − md5, bf, etc • SELECT hash=crypt('secret', hash) Database Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 16 • Sorry, can't really be done by index • Match encrypted data for raw encrypted without padding − But this decreases security − And does «is equal» matching only • Index on expression − But why did you encrypt in the first place? Searching Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 17 Storage Encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 18 • Independent of the database • Filesystem block device level • Needs to keep fsync behaviour! • Keeps all database functionality Storage Encryption (Filesystem)
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 19 Storage Encryption (Filesystem) • Run initdb on enrypted filesystem
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 20 Network encryption
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 21 • Postgres built in SSL method • Using ssh tunnel Main Methods
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 22 • Encrypting Data across network SSL − Facility exists in Postgres − Configure server − Configure SSL flag in client − May need to open ports in firewall/router Postgres SSL Method
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 23 Postgres SSL Method
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 24 • Modify pg_hba.conf hostssl all all 0.0.0.0/0 md5 • Modify postgresql.conf • Ensure listen_address is set correctly. • Add − ssl = on • Check SSL certificate locations • Restart postgresql service service postgresql-9.5 restart Postgres SSL Method
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 25 • Connect using sslmode option with one of values: − disable − allow − prefer − Require − Verify-ca − Verify-full − Client configuration
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 26 • Libpq SSL modes Client configuration Protect Against Compatible with Server set Performance Client Mode Eaves Dropping MITM SSL Required SSL Disabled Overhead disable no no FAIL works no allow no no works works if necessary prefer no no works works if possible require yes no works FAIL yes verify-ca yes yes works FAIL yes verify-full yes yes works FAIL yes
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 27 • SSH Tunnel • No modifications to Postgres configuration • Use of existing SSH gateway Client configuration
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 28 Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 29 • OS: CentOS Linux release 7.1.1503 (Core) 64 bit. • MS Azure instance Size: Standard DS3 − CPUs: 4 Cores, Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz − Memory: 14 GB memory) − Max IOPS: 12800 Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 30 • PostgreSQL 9.5 tuning: − max_connections = 100 − shared_buffers = 6912MB − effective_cache_size = 20736MB − work_mem = 70778kB − maintenance_work_mem = 1728MB − checkpoint_completion_target = 0.9 − wal_buffers = 16MB − default_statistics_target = 500 Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 31 • pgbench over same zone network. • Normal TPC-B benchmark: set nbranches :scale set ntellers 10 * :scale set naccounts 100000 * :scale setrandom aid 1 :naccounts setrandom bid 1 :nbranches setrandom tid 1 :ntellers setrandom delta -5000 5000 BEGIN; UPDATE pgbench_accounts SET abalance = abalance + :delta WHERE aid = :aid; SELECT abalance FROM pgbench_accounts WHERE aid = :aid; UPDATE pgbench_tellers SET tbalance = tbalance + :delta WHERE tid = :tid;UPDATE pgbench_branches SET bbalance = bbalance + :delta WHERE bid = :bid; INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (:tid, :bid, :aid, :delta, CURRENT_TIMESTAMP); END; Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 32 • Command used for encrypted pgbench: • pgbench -i -s 100 -d encrypt_benchmark • ALTER TABLE pgbench_accounts ALTER COLUMN abalance TYPE BYTEA USING encrypt(abalance::text::bytea,'key'::bytea,'aes'); • ALTER TABLE pgbench_tellers ALTER COLUMN tbalance TYPE BYTEA USING encrypt(tbalance::text::bytea,'key'::bytea,'aes'); • ALTER TABLE pgbench_branches ALTER COLUMN bbalance TYPE BYTEA USING encrypt(bbalance::text::bytea,'key'::bytea,'aes'); Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 33 • Encrypted TPC-B benchmark: BEGIN; UPDATE pgbench_accounts SET abalance = encrypt((convert_from(decrypt(abalance,'key'::bytea,'aes'), current_setting('server_encoding'))::bigint + :delta)::text::bytea, 'key'::bytea, 'aes') WHERE aid = :aid; SELECT convert_from(decrypt(abalance,'key'::bytea,'aes'), current_setting('server_encoding'))::bigint FROM pgbench_accounts WHERE aid = :aid; <other UPDATE chanes similar to above> INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (:tid, :bid, :aid, :delta, CURRENT_TIMESTAMP); END; Benchmark
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 34 Benchmark Result
© Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 35

Recommended

Backup and-recovery2
Backup and-recovery2Backup and-recovery2
Backup and-recovery2Command Prompt., Inc
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQLAmazon Web Services
 
Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada
 
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLTransparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLMasahiko Sawada
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL AdministrationEDB
 
PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?Ohyama Masanori
 
Postgresql Database Administration- Day3
Postgresql Database Administration- Day3Postgresql Database Administration- Day3
Postgresql Database Administration- Day3PoguttuezhiniVP
 
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPMake Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPAPNIC
 

Recommended

Backup and-recovery2
Backup and-recovery2Backup and-recovery2
Backup and-recovery2Command Prompt., Inc
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQLAmazon Web Services
 
Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Transparent Data Encryption in PostgreSQL and Integration with Key Management...
Transparent Data Encryption in PostgreSQL and Integration with Key Management...Masahiko Sawada
 
Transparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLTransparent Data Encryption in PostgreSQL
Transparent Data Encryption in PostgreSQLMasahiko Sawada
 
Mastering PostgreSQL Administration
Mastering PostgreSQL AdministrationMastering PostgreSQL Administration
Mastering PostgreSQL AdministrationEDB
 
PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?PostgreSQL Security. How Do We Think?
PostgreSQL Security. How Do We Think?Ohyama Masanori
 
Postgresql Database Administration- Day3
Postgresql Database Administration- Day3Postgresql Database Administration- Day3
Postgresql Database Administration- Day3PoguttuezhiniVP
 
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPMake Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPAPNIC
 
Security Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentSecurity Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentPGConf APAC
 
PostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec PatroniPostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec Patronislardiere
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci CompliaceDenish Patel
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performancePostgreSQL-Consulting
 
Ceph with CloudStack
Ceph with CloudStackCeph with CloudStack
Ceph with CloudStackShapeBlue
 
EDB Failover Manager - Features and Demo
EDB Failover Manager - Features and DemoEDB Failover Manager - Features and Demo
EDB Failover Manager - Features and DemoEDB
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1Federico Campoli
 
Getting started with postgresql
Getting started with postgresqlGetting started with postgresql
Getting started with postgresqlbotsplash.com
 
Best Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized EnvironmentsBest Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized EnvironmentsJignesh Shah
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replicationNTT DATA OSS Professional Services
 
PostgreSQL and RAM usage
PostgreSQL and RAM usagePostgreSQL and RAM usage
PostgreSQL and RAM usageAlexey Bashtanov
 
Lessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationLessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationSveta Smirnova
 
Managing Postgres with Ansible
Managing Postgres with AnsibleManaging Postgres with Ansible
Managing Postgres with AnsibleGulcin Yildirim Jelinek
 
High-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQLHigh-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQLScyllaDB
 
PostgreSQL Database Slides
PostgreSQL Database SlidesPostgreSQL Database Slides
PostgreSQL Database Slidesmetsarin
 
The columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache ArrowThe columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache ArrowJulien Le Dem
 
Minio Cloud Storage
Minio Cloud StorageMinio Cloud Storage
Minio Cloud StorageMinio
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLJim Mlodgenski
 
Achieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQLAchieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQLMydbops
 
PostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption OptionsPostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption OptionsFaisal Akber
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
 

More Related Content

What's hot

Security Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentSecurity Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentPGConf APAC
 
PostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec PatroniPostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec Patronislardiere
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci CompliaceDenish Patel
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performancePostgreSQL-Consulting
 
Ceph with CloudStack
Ceph with CloudStackCeph with CloudStack
Ceph with CloudStackShapeBlue
 
EDB Failover Manager - Features and Demo
EDB Failover Manager - Features and DemoEDB Failover Manager - Features and Demo
EDB Failover Manager - Features and DemoEDB
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1Federico Campoli
 
Getting started with postgresql
Getting started with postgresqlGetting started with postgresql
Getting started with postgresqlbotsplash.com
 
Best Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized EnvironmentsBest Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized EnvironmentsJignesh Shah
 
Lessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationLessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationSveta Smirnova
 
High-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQLHigh-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQLScyllaDB
 
PostgreSQL Database Slides
PostgreSQL Database SlidesPostgreSQL Database Slides
PostgreSQL Database Slidesmetsarin
 
The columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache ArrowThe columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache ArrowJulien Le Dem
 
Minio Cloud Storage
Minio Cloud StorageMinio Cloud Storage
Minio Cloud StorageMinio
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLJim Mlodgenski
 
Achieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQLAchieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQLMydbops
 

What's hot (20)

Security Best Practices for your Postgres Deployment
Security Best Practices for your Postgres DeploymentSecurity Best Practices for your Postgres Deployment
Security Best Practices for your Postgres Deployment
 
PostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec PatroniPostgreSQL - Haute disponibilité avec Patroni
PostgreSQL - Haute disponibilité avec Patroni
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete Tutorial
 
Achieving Pci Compliace
Achieving Pci CompliaceAchieving Pci Compliace
Achieving Pci Compliace
 
Linux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performanceLinux tuning to improve PostgreSQL performance
Linux tuning to improve PostgreSQL performance
 
Ceph with CloudStack
Ceph with CloudStackCeph with CloudStack
Ceph with CloudStack
 
EDB Failover Manager - Features and Demo
EDB Failover Manager - Features and DemoEDB Failover Manager - Features and Demo
EDB Failover Manager - Features and Demo
 
Postgresql database administration volume 1
Postgresql database administration volume 1Postgresql database administration volume 1
Postgresql database administration volume 1
 
Getting started with postgresql
Getting started with postgresqlGetting started with postgresql
Getting started with postgresql
 
Best Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized EnvironmentsBest Practices of HA and Replication of PostgreSQL in Virtualized Environments
Best Practices of HA and Replication of PostgreSQL in Virtualized Environments
 
PostgreSQL replication
PostgreSQL replicationPostgreSQL replication
PostgreSQL replication
 
PostgreSQL and RAM usage
PostgreSQL and RAM usagePostgreSQL and RAM usage
PostgreSQL and RAM usage
 
Lessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting ReplicationLessons Learned: Troubleshooting Replication
Lessons Learned: Troubleshooting Replication
 
Managing Postgres with Ansible
Managing Postgres with AnsibleManaging Postgres with Ansible
Managing Postgres with Ansible
 
High-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQLHigh-speed Database Throughput Using Apache Arrow Flight SQL
High-speed Database Throughput Using Apache Arrow Flight SQL
 
PostgreSQL Database Slides
PostgreSQL Database SlidesPostgreSQL Database Slides
PostgreSQL Database Slides
 
The columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache ArrowThe columnar roadmap: Apache Parquet and Apache Arrow
The columnar roadmap: Apache Parquet and Apache Arrow
 
Minio Cloud Storage
Minio Cloud StorageMinio Cloud Storage
Minio Cloud Storage
 
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQLTop 10 Mistakes When Migrating From Oracle to PostgreSQL
Top 10 Mistakes When Migrating From Oracle to PostgreSQL
 
Achieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQLAchieving High Availability in PostgreSQL
Achieving High Availability in PostgreSQL
 

Viewers also liked

PostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption OptionsPostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption OptionsFaisal Akber
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlKohei KaiGai
 
EnterpriseDB Postgres Survey Results - 2013
EnterpriseDB Postgres Survey Results - 2013EnterpriseDB Postgres Survey Results - 2013
EnterpriseDB Postgres Survey Results - 2013EDB
 
NoSQL on ACID - Meet Unstructured Postgres
NoSQL on ACID - Meet Unstructured PostgresNoSQL on ACID - Meet Unstructured Postgres
NoSQL on ACID - Meet Unstructured PostgresEDB
 
Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentEDB
 
Writing A Foreign Data Wrapper
Writing A Foreign Data WrapperWriting A Foreign Data Wrapper
Writing A Foreign Data Wrapperpsoo1978
 
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres Open
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres OpenKevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres Open
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres OpenPostgresOpen
 
Getting Started with PostGIS
Getting Started with PostGISGetting Started with PostGIS
Getting Started with PostGISEDB
 
Migrating from Oracle to Postgres
Migrating from Oracle to PostgresMigrating from Oracle to Postgres
Migrating from Oracle to PostgresEDB
 
Key Methodologies for Migrating from Oracle to Postgres
Key Methodologies for Migrating from Oracle to PostgresKey Methodologies for Migrating from Oracle to Postgres
Key Methodologies for Migrating from Oracle to PostgresEDB
 
Partition and conquer large data in PostgreSQL 10
Partition and conquer large data in PostgreSQL 10Partition and conquer large data in PostgreSQL 10
Partition and conquer large data in PostgreSQL 10Ashutosh Bapat
 
Best Practices for a Complete Postgres Enterprise Architecture Setup
Best Practices for a Complete Postgres Enterprise Architecture SetupBest Practices for a Complete Postgres Enterprise Architecture Setup
Best Practices for a Complete Postgres Enterprise Architecture SetupEDB
 
pg_hba.conf 이야기
pg_hba.conf 이야기pg_hba.conf 이야기
pg_hba.conf 이야기PgDay.Seoul
 
Postgres in Production - Best Practices 2014
Postgres in Production - Best Practices 2014Postgres in Production - Best Practices 2014
Postgres in Production - Best Practices 2014EDB
 
Backup recovery with PostgreSQL
Backup recovery with PostgreSQLBackup recovery with PostgreSQL
Backup recovery with PostgreSQLFederico Campoli
 

Viewers also liked (16)

PostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption OptionsPostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
PostgresOpen 2013 A Comparison of PostgreSQL Encryption Options
 
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access controlThe Security-Enhanced PostgreSQL - "system wide" consistency in access control
The Security-Enhanced PostgreSQL - "system wide" consistency in access control
 
EnterpriseDB Postgres Survey Results - 2013
EnterpriseDB Postgres Survey Results - 2013EnterpriseDB Postgres Survey Results - 2013
EnterpriseDB Postgres Survey Results - 2013
 
NoSQL on ACID - Meet Unstructured Postgres
NoSQL on ACID - Meet Unstructured PostgresNoSQL on ACID - Meet Unstructured Postgres
NoSQL on ACID - Meet Unstructured Postgres
 
Top 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres DeploymentTop 10 Tips for an Effective Postgres Deployment
Top 10 Tips for an Effective Postgres Deployment
 
Writing A Foreign Data Wrapper
Writing A Foreign Data WrapperWriting A Foreign Data Wrapper
Writing A Foreign Data Wrapper
 
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres Open
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres OpenKevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres Open
Kevin Kempter PostgreSQL Backup and Recovery Methods @ Postgres Open
 
Getting Started with PostGIS
Getting Started with PostGISGetting Started with PostGIS
Getting Started with PostGIS
 
Migrating from Oracle to Postgres
Migrating from Oracle to PostgresMigrating from Oracle to Postgres
Migrating from Oracle to Postgres
 
Key Methodologies for Migrating from Oracle to Postgres
Key Methodologies for Migrating from Oracle to PostgresKey Methodologies for Migrating from Oracle to Postgres
Key Methodologies for Migrating from Oracle to Postgres
 
Partition and conquer large data in PostgreSQL 10
Partition and conquer large data in PostgreSQL 10Partition and conquer large data in PostgreSQL 10
Partition and conquer large data in PostgreSQL 10
 
Best Practices for a Complete Postgres Enterprise Architecture Setup
Best Practices for a Complete Postgres Enterprise Architecture SetupBest Practices for a Complete Postgres Enterprise Architecture Setup
Best Practices for a Complete Postgres Enterprise Architecture Setup
 
pg_hba.conf 이야기
pg_hba.conf 이야기pg_hba.conf 이야기
pg_hba.conf 이야기
 
Secure PostgreSQL deployment
Secure PostgreSQL deploymentSecure PostgreSQL deployment
Secure PostgreSQL deployment
 
Postgres in Production - Best Practices 2014
Postgres in Production - Best Practices 2014Postgres in Production - Best Practices 2014
Postgres in Production - Best Practices 2014
 
Backup recovery with PostgreSQL
Backup recovery with PostgreSQLBackup recovery with PostgreSQL
Backup recovery with PostgreSQL
 

Similar to PGEncryption_Tutorial

Expanding with EDB Postgres Advanced Server 9.5
Expanding with EDB Postgres Advanced Server 9.5Expanding with EDB Postgres Advanced Server 9.5
Expanding with EDB Postgres Advanced Server 9.5EDB
 
New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13EDB
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceNagios
 
How to use postgresql.conf to configure and tune the PostgreSQL server
How to use postgresql.conf to configure and tune the PostgreSQL serverHow to use postgresql.conf to configure and tune the PostgreSQL server
How to use postgresql.conf to configure and tune the PostgreSQL serverEDB
 
The Central View of your Data with Postgres
The Central View of your Data with PostgresThe Central View of your Data with Postgres
The Central View of your Data with PostgresEDB
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosSajith C P Nair
 
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Akamai Developers & Admins
 
9.6_Course Material-Postgresql_002.pdf
9.6_Course Material-Postgresql_002.pdf9.6_Course Material-Postgresql_002.pdf
9.6_Course Material-Postgresql_002.pdfsreedb2
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13EDB
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMark Swarbrick
 
PPCD_And_AmazonRDS
PPCD_And_AmazonRDSPPCD_And_AmazonRDS
PPCD_And_AmazonRDSVibhor Kumar
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 
Postgres Point-in-Time Recovery
Postgres Point-in-Time RecoveryPostgres Point-in-Time Recovery
Postgres Point-in-Time RecoveryEDB
 
2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest managementDaliya Spasova
 
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014Dave Stokes
 
GLOC 2014 NEOOUG - Oracle Database 12c New Features
GLOC 2014 NEOOUG - Oracle Database 12c New FeaturesGLOC 2014 NEOOUG - Oracle Database 12c New Features
GLOC 2014 NEOOUG - Oracle Database 12c New FeaturesBiju Thomas
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLEDB
 

Similar to PGEncryption_Tutorial (20)

Expanding with EDB Postgres Advanced Server 9.5
Expanding with EDB Postgres Advanced Server 9.5Expanding with EDB Postgres Advanced Server 9.5
Expanding with EDB Postgres Advanced Server 9.5
 
New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13
 
Dave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical ExperienceDave Williams - Nagios Log Server - Practical Experience
Dave Williams - Nagios Log Server - Practical Experience
 
How to use postgresql.conf to configure and tune the PostgreSQL server
How to use postgresql.conf to configure and tune the PostgreSQL serverHow to use postgresql.conf to configure and tune the PostgreSQL server
How to use postgresql.conf to configure and tune the PostgreSQL server
 
The Central View of your Data with Postgres
The Central View of your Data with PostgresThe Central View of your Data with Postgres
The Central View of your Data with Postgres
 
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenariosDeep Dive - Usage of on premises data gateway for hybrid integration scenarios
Deep Dive - Usage of on premises data gateway for hybrid integration scenarios
 
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
Configs, Configs, Everywhere! (Actually, Let's Simplify All Those Configs)
 
9.6_Course Material-Postgresql_002.pdf
9.6_Course Material-Postgresql_002.pdf9.6_Course Material-Postgresql_002.pdf
9.6_Course Material-Postgresql_002.pdf
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 
New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13New enhancements for security and usability in EDB 13
New enhancements for security and usability in EDB 13
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance TuningMySQL Manchester TT - Performance Tuning
MySQL Manchester TT - Performance Tuning
 
PPCD_And_AmazonRDS
PPCD_And_AmazonRDSPPCD_And_AmazonRDS
PPCD_And_AmazonRDS
 
PostgreSQL
PostgreSQLPostgreSQL
PostgreSQL
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 
Postgres Point-in-Time Recovery
Postgres Point-in-Time RecoveryPostgres Point-in-Time Recovery
Postgres Point-in-Time Recovery
 
2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management2020 07-30 elastic agent + ingest management
2020 07-30 elastic agent + ingest management
 
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014
MySQL 5.7 New Features to Exploit -- PHPTek/Chicago MySQL User Group May 2014
 
GLOC 2014 NEOOUG - Oracle Database 12c New Features
GLOC 2014 NEOOUG - Oracle Database 12c New FeaturesGLOC 2014 NEOOUG - Oracle Database 12c New Features
GLOC 2014 NEOOUG - Oracle Database 12c New Features
 
PostgreSQL
PostgreSQL PostgreSQL
PostgreSQL
 
Best Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQLBest Practices in Security with PostgreSQL
Best Practices in Security with PostgreSQL
 

PGEncryption_Tutorial

  • 1. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 1 Locked Up: Advances in Postgres Data Encryption Vibhor Kumar
  • 2. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 2 Encryption
  • 3. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 3 Reasons for Encryption • Protect Sensitive information • Protect it from identity theft
  • 4. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 4 Reasons for Encryption • Satisfy Parnoia • Comply with laws and Standards (SOX, HIPPA, PCI etc)
  • 5. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 5 • Application • Database Encryption at different Layers
  • 6. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 6 • Storage Encryption at different Layers
  • 7. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 7 Encryption at Application
  • 8. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 8 • Advantages: − Protect sensitive data and control access in a more fine- grained way than is possible with almost any other form of encryption − Performance Benefits − Manageability − Secure execution inside the Application • Challenges − Deciding which tool/class should be used for encryption − Wrong implementation will give issue Encryption at Application Level
  • 9. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 9 Encryption at Database
  • 10. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 10 • Pgcrypto − Extension in PostgreSQL − CREATE EXTENSION pgcrypto; − Encryption as database functions − Provides 38 functions − Client Independent Database Encryption
  • 11. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 11 • Pgcrypto (Raw encryption) − encrypt(data bytea, key bytea, type text) returns bytea − decrypt(data bytea, key bytea, type text) returns bytea − encrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea − decrypt_iv(data bytea, key bytea, iv bytea, type text) returns bytea • Type: bf-cbc, aes-cbc, ... (ecb supported, but..testing only) • Operates on bytea, returns bytea • gen_random_bytes() can be used to create key Database Encryption
  • 12. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 12 • Limitations of these functions − Functions use user key directly as cipher key. − don't provide any integrity checking, to see if the encrypted data was modified. − expect that users manage all encryption parameters themselves − don't handle text. Database Encryption
  • 13. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 13 • Pgcrypto (PGP Encryption) • pgp_sym_encrypt(data text, psw text [, options text ]) returns bytea • pgp_sym_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea • pgp_pub_encrypt(data text, psw text [, options text ]) returns bytea • pgp_pub_encrypt_bytea(data bytea, psw text [, options text ]) returns bytea • Operates on text in plaintext, bytea in ciphertext − armor(), dearmor() • Takes gpg style options like ciper-algo=aes256 Database Encryption
  • 14. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 14 • Pgcrypto (Hashing) − SELECT digest(txt, type) − Returns bytea, use encode() to get hex − Md5, sha1, sha<more> • SELECT encode( digest('lolcats!', 'sha256'), 'base64') Database Encryption
  • 15. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 15 • Pgcrypto (Hashing) • SELECT crypt('secret', gen_salt('bf')) − Stores salt as part of hash − Autodetects algorithm − md5, bf, etc • SELECT hash=crypt('secret', hash) Database Encryption
  • 16. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 16 • Sorry, can't really be done by index • Match encrypted data for raw encrypted without padding − But this decreases security − And does «is equal» matching only • Index on expression − But why did you encrypt in the first place? Searching Encryption
  • 17. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 17 Storage Encryption
  • 18. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 18 • Independent of the database • Filesystem block device level • Needs to keep fsync behaviour! • Keeps all database functionality Storage Encryption (Filesystem)
  • 19. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 19 Storage Encryption (Filesystem) • Run initdb on enrypted filesystem
  • 20. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 20 Network encryption
  • 21. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 21 • Postgres built in SSL method • Using ssh tunnel Main Methods
  • 22. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 22 • Encrypting Data across network SSL − Facility exists in Postgres − Configure server − Configure SSL flag in client − May need to open ports in firewall/router Postgres SSL Method
  • 23. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 23 Postgres SSL Method
  • 24. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 24 • Modify pg_hba.conf hostssl all all 0.0.0.0/0 md5 • Modify postgresql.conf • Ensure listen_address is set correctly. • Add − ssl = on • Check SSL certificate locations • Restart postgresql service service postgresql-9.5 restart Postgres SSL Method
  • 25. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 25 • Connect using sslmode option with one of values: − disable − allow − prefer − Require − Verify-ca − Verify-full − Client configuration
  • 26. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 26 • Libpq SSL modes Client configuration Protect Against Compatible with Server set Performance Client Mode Eaves Dropping MITM SSL Required SSL Disabled Overhead disable no no FAIL works no allow no no works works if necessary prefer no no works works if possible require yes no works FAIL yes verify-ca yes yes works FAIL yes verify-full yes yes works FAIL yes
  • 27. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 27 • SSH Tunnel • No modifications to Postgres configuration • Use of existing SSH gateway Client configuration
  • 28. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 28 Benchmark
  • 29. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 29 • OS: CentOS Linux release 7.1.1503 (Core) 64 bit. • MS Azure instance Size: Standard DS3 − CPUs: 4 Cores, Intel(R) Xeon(R) CPU E5-2660 0 @ 2.20GHz − Memory: 14 GB memory) − Max IOPS: 12800 Benchmark
  • 30. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 30 • PostgreSQL 9.5 tuning: − max_connections = 100 − shared_buffers = 6912MB − effective_cache_size = 20736MB − work_mem = 70778kB − maintenance_work_mem = 1728MB − checkpoint_completion_target = 0.9 − wal_buffers = 16MB − default_statistics_target = 500 Benchmark
  • 31. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 31 • pgbench over same zone network. • Normal TPC-B benchmark: set nbranches :scale set ntellers 10 * :scale set naccounts 100000 * :scale setrandom aid 1 :naccounts setrandom bid 1 :nbranches setrandom tid 1 :ntellers setrandom delta -5000 5000 BEGIN; UPDATE pgbench_accounts SET abalance = abalance + :delta WHERE aid = :aid; SELECT abalance FROM pgbench_accounts WHERE aid = :aid; UPDATE pgbench_tellers SET tbalance = tbalance + :delta WHERE tid = :tid;UPDATE pgbench_branches SET bbalance = bbalance + :delta WHERE bid = :bid; INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (:tid, :bid, :aid, :delta, CURRENT_TIMESTAMP); END; Benchmark
  • 32. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 32 • Command used for encrypted pgbench: • pgbench -i -s 100 -d encrypt_benchmark • ALTER TABLE pgbench_accounts ALTER COLUMN abalance TYPE BYTEA USING encrypt(abalance::text::bytea,'key'::bytea,'aes'); • ALTER TABLE pgbench_tellers ALTER COLUMN tbalance TYPE BYTEA USING encrypt(tbalance::text::bytea,'key'::bytea,'aes'); • ALTER TABLE pgbench_branches ALTER COLUMN bbalance TYPE BYTEA USING encrypt(bbalance::text::bytea,'key'::bytea,'aes'); Benchmark
  • 33. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 33 • Encrypted TPC-B benchmark: BEGIN; UPDATE pgbench_accounts SET abalance = encrypt((convert_from(decrypt(abalance,'key'::bytea,'aes'), current_setting('server_encoding'))::bigint + :delta)::text::bytea, 'key'::bytea, 'aes') WHERE aid = :aid; SELECT convert_from(decrypt(abalance,'key'::bytea,'aes'), current_setting('server_encoding'))::bigint FROM pgbench_accounts WHERE aid = :aid; <other UPDATE chanes similar to above> INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (:tid, :bid, :aid, :delta, CURRENT_TIMESTAMP); END; Benchmark
  • 34. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 34 Benchmark Result
  • 35. © Copyright EnterpriseDB Corporation, 2015. All Rights Reserved. 35

Editor's Notes

  1. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  2. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  3. * Spoofing
  4. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  5. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  6. The algorithms in crypt() differ from the usual MD5 or SHA1 hashing algorithms in the following respects: They are slow. As the amount of data is so small, this is the only way to make brute-forcing passwords hard. They use a random value, called the salt, so that users having the same password will have different encrypted passwords. This is also an additional defense against reversing the algorithm. They include the algorithm type in the result, so passwords hashed with different algorithms can co-exist. Some of them are adaptive — that means when computers get faster, you can tune the algorithm to be slower, without introducing incompatibility with existing passwords.
  7. Pretty Good Privacy; OpenPGP (RFC 4880) standard. An encrypted PGP message consists of 2 parts, or packets: Packet containing a session key — either symmetric-key or public-key encrypted. Packet containing data encrypted with the session key. *armor, dearmor: These functions wrap/unwrap binary data into PGP ASCII-armor format, which is basically Base64 with CRC and additional formatting. pgp_sym_encrypt(data, psw, 'compress-algo=1, cipher-algo=aes256')
  8. F.25.6.2. NULL Handling As is standard in SQL, all functions return NULL, if any of the arguments are NULL. This may create security risks on careless usage. F.25.6.3. Security Limitations All pgcrypto functions run inside the database server. That means that all the data and passwords move between pgcrypto and client applications in clear text. Thus you must: Connect locally or use SSL connections. Trust both system and database administrator. If you cannot, then better do crypto inside client application.
  9. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  10. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu
  11. disable No No I don't care about security, and I don't want to pay the overhead of encryption. allow Maybe No I don't care about security, but I will pay the overhead of encryption if the server insists on it. prefer Maybe No I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. require Yes No I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. verify-ca Yes Depends on CA-policy I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. verify-full Yes Yes I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify.
  12. disable No No I don't care about security, and I don't want to pay the overhead of encryption. allow Maybe No I don't care about security, but I will pay the overhead of encryption if the server insists on it. prefer Maybe No I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. require Yes No I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. verify-ca Yes Depends on CA-policy I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. verify-full Yes Yes I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify.
  13. This PowerPoint Template includes a series of slide masters with predefined layouts and color schemes for formatting slides Slide Masters are displayed when you right click on a slide and select Layout from menu