Message7938
In a discussion last week, I was asked if the Roundup db could provide encryption at rest.
The attack mode was a user who could copy the db files. They already use full disk
encryption but it is not a solution to this threat profile. I stated that was not a
use case for Roundup. They ran both PostgreSQL and MariaDB.
However it looks like sqlite could support it.
https://www.zetetic.net/sqlcipher does AES256 encryption (similar to SEE) and does have
an open source implementation. It also has a DBI 2 python library
https://pypi.org/project/pysqlcipher3/.
Native SQLite has the SEE sqlite encryption extension. Which is supported by the maker
of SQLite, but is a paid addon. AFAICT there is no python module for it.
MySQL/MariaDB has transparent data encryption, but I have no idea how to manage that
from Python. PostgreSQL does have some patches and commercial solutions for disk DB
encryption, but again no obvious python support. There is public function to encrypt
columns, but again python support is a question There is a django-pycrypto
module that looks like it django's solution to this. Obviously for this to
be useful SSL/TLS connections to the db server would also be needed. |
|
Date |
User |
Action |
Args |
2024-02-11 22:57:50 | rouilj | set | recipients:
+ rouilj |
2024-02-11 22:57:50 | rouilj | set | messageid: <1707692270.54.0.252510313222.issue2551314@roundup.psfhosted.org> |
2024-02-11 22:57:50 | rouilj | link | issue2551314 messages |
2024-02-11 22:57:50 | rouilj | create | |
|