PGP scripting...
From: Andrew MacKenzie (andy@edespot.com)
Date: 01/07/03
- Previous message: Sverre H. Huseby: "Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection"
- Next in thread: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Maybe reply: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Reply: Giorgio Zoppi (deneb): "Re: PGP scripting..."
- Reply: Ed Carp: "Re: PGP scripting..."
- Reply: Alex Russell: "Re: PGP scripting..."
- Reply: Michael McKay: "RE: PGP scripting..."
- Reply: Chris Matthews: "RE: PGP scripting..."
- Reply: Valdis.Kletnieks@vt.edu: "Re: PGP scripting..."
- Reply: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Reply: Andrew Steingruebl: "Re: PGP scripting..."
- Maybe reply: Andres Palomares: "RE: PGP scripting..."
- Maybe reply: Frank Knobbe: "Re: PGP scripting..."
- Reply: Steffen Dettmer: "Re: PGP scripting..."
- Maybe reply: Ogle Ron (Rennes): "RE: PGP scripting..."
- Maybe reply: Glenn_Everhart@bankone.com: "RE: PGP scripting..."
- Reply: David Wagner: "Re: PGP scripting..."
- Maybe reply: Tom Arseneault: "RE: PGP scripting..."
- Maybe reply: Jason Coombs: "RE: PGP scripting..."
- Maybe reply: Dawes, Rogan (ZA - Johannesburg): "RE: PGP scripting..."
- Maybe reply: Kenneth Buchanan: "RE: PGP scripting..."
- Maybe reply: David Wagner: "Re: PGP scripting..."
- Maybe reply: Ogle Ron (Rennes): "RE: PGP scripting..."
- Maybe reply: Glynn Clements: "RE: PGP scripting..."
- Maybe reply: Jason Coombs: "RE: PGP scripting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 7 Jan 2003 12:02:13 -0500 From: Andrew MacKenzie <andy@edespot.com> To: secprog@securityfocus.com
I apologize if this is a bit off-topic, but I'd like to ask a question
about practical use of PGP. I am a software developer, and have a client
who is making a great attempt at being security conscious (to the extent of
hiring a security consultant).
We (my client) have a system that loads orders into an Oracle DB, and
processes billing (Java/Solaris based). One of the 'decrees' from my
client is that all files that store 'sensitive' data (customer info and the
like) shall be PGP encrypted, and *never* be stored on a HDD in
un-encrypted form (even while processing said file).
I can understand the desire to archive these files in encrypted forms, and
to encrypt these files while transporting out of the system. But I think
this idea goes a bit too far as to be more counter-productive than useful.
After many days of fighting with 'pgp -f' and modifying processes to use
stdin/stdout, I've gotten much of this working.
I would have prefered to use a PGP library (Java code), but was unable to
find any within the timeframe.
My question therefore is: is all this worth the trouble? In order to use
PGP with scripts (or even Java code), the scripts need access to both the
private key and pass phrase (which are stored locally in files). If the
system were compromised would any of this help? Is there a better way I
could do this than what I am already doing? This is somewhat academic for
me at this point, as my client is inflexible on this point and code has
been written, but I'd be interested in hearing your opinions on this
subject.
Thanks.
-- // Andrew MacKenzie | http://www.edespot.com // "Those are my principles. If you don't like them I have others." // -- Groucho Marx
- application/pgp-signature attachment: stored
- Next message: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Previous message: Sverre H. Huseby: "Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection"
- Next in thread: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Maybe reply: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Reply: Giorgio Zoppi (deneb): "Re: PGP scripting..."
- Reply: Ed Carp: "Re: PGP scripting..."
- Reply: Alex Russell: "Re: PGP scripting..."
- Reply: Michael McKay: "RE: PGP scripting..."
- Reply: Chris Matthews: "RE: PGP scripting..."
- Reply: Valdis.Kletnieks@vt.edu: "Re: PGP scripting..."
- Reply: Mindaugas Zaksauskas: "Re: PGP scripting..."
- Reply: Andrew Steingruebl: "Re: PGP scripting..."
- Maybe reply: Andres Palomares: "RE: PGP scripting..."
- Maybe reply: Frank Knobbe: "Re: PGP scripting..."
- Reply: Steffen Dettmer: "Re: PGP scripting..."
- Maybe reply: Ogle Ron (Rennes): "RE: PGP scripting..."
- Maybe reply: Glenn_Everhart@bankone.com: "RE: PGP scripting..."
- Reply: David Wagner: "Re: PGP scripting..."
- Maybe reply: Tom Arseneault: "RE: PGP scripting..."
- Maybe reply: Jason Coombs: "RE: PGP scripting..."
- Maybe reply: Dawes, Rogan (ZA - Johannesburg): "RE: PGP scripting..."
- Maybe reply: Kenneth Buchanan: "RE: PGP scripting..."
- Maybe reply: David Wagner: "Re: PGP scripting..."
- Maybe reply: Ogle Ron (Rennes): "RE: PGP scripting..."
- Maybe reply: Glynn Clements: "RE: PGP scripting..."
- Maybe reply: Jason Coombs: "RE: PGP scripting..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
