[ZODB-Dev] Feature Request: Database Encryption
Tim Peters
tim at zope.com
Fri Aug 20 14:49:33 EDT 2004
[Ricardo Olenewa]
> I'm probably not the first to request this, but:
>
> Are there any plans to build strong encryption (AES, perhaps) into ZODB?
I'm not aware of plans to build any flavor of encryption into ZODB.
> From a security perspective, this would be an excellent addition.
>
> I've read some year-old chatter about placing data.fs on an encrypted
> file system, which is a great idea, but only one part of an adequate
> solution if you're looking for strong security. An encrypted file system
> only protects you against physical theft of your unmounted file system.
Doesn't that depend on the filesystem? For example, the Encrypting File
System gimmick in NTFS intends to give each encrypted file per-user
decryption rights. I don't know how (in)secure it is in practice:
http://www.ntfs.com/ntfs-encrypted.htm
If something like that can work, a huge advantage is that huge mounds of
core code and tools relying on unfettered access to file internals wouldn't
have to change.
> In any case, some way to encrypt the entire ZODB would be great. Some way
> to encrypt records by user would be even better, but probably not worth
> effort.
Like anything else, it requires that someone want this enough to do the work
themself, or to pay someone else to do it. It's not in the plans now.
More information about the ZODB-Dev
mailing list