-1

Assume that I do not enable encryption at rest for my POSTGRES database, and the database is installed in a VM which has BitLocker encryption.

If a hacker copies the database files, can they read the data? How can the copied database files be misused by hackers if the database is not encrypted at rest?

stalwalk
  • If a hacker has access to an unencrypted database, they can do whatever they like with it. – Paul Smith Aug 25 '20 at 12:42
  • Your premise is contradictory: you say that the VM has BitLocker encryption and "properly configured" network settings, but then assume that someone has accessed the files. This is like saying "if I build an impenetrable fortress and somebody gets in, can they get into my bedroom?" – IMSoP Aug 25 '20 at 12:42
  • @IMSoP, yes you are correct. I edited the question to remove the confusion due to networking. – stalwalk Aug 25 '20 at 12:45
  • @stalwalk OK, but now we have the opposite problem: it should be fairly obvious that the answer is "yes" - they have access to the same data that you do, and it's not encrypted, so they can read it just as easily as you. – IMSoP Aug 25 '20 at 12:50
  • @IMSoP, this is not clear to me. My understanding is that if they don't have the user name and password, then they cannot connect. I want to know the ways in which they can misuse the files. – stalwalk Aug 25 '20 at 12:53
  • @stalwalk If the data is not encrypted, then by definition it is in the files in "plain text" - not necessarily actually text, but some representation that can be read by anyone who knows the file format. If a password was necessary to extract the data from the files, that would be encryption. So "can someone read an unencrypted file" is roughly equivalent to "can someone open an unlocked door". – IMSoP Aug 25 '20 at 12:58

1 Answer

1

Yes; anybody with access to the unencrypted database files can extract information from them.

If the data directory is intact, the simplest way is to start PostgreSQL against the data directory.

But even with partial data a dedicated PostgreSQL expert can extract a lot of information.

Laurenz Albe
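To make the point in the answer and in IMSoP's last comment concrete, the following added example (not code from this thread or from the PostgreSQL project) builds one heap page in memory and reads its rows back using only the documented page layout, with no server, user name or password involved. Assumptions: a little-endian build, the default 8 kB block size, a two-column (int4, text) table without NULLs, constructed sample rows, and hypothetical function names.

```python
import struct

PAGE_SIZE = 8192          # default PostgreSQL block size (assumed)
PAGE_HDR = "<IIHHHHHHI"   # PageHeaderData, 24 bytes, little-endian build (assumed)
TUPLE_HDR_LEN = 24        # 23-byte HeapTupleHeaderData padded to 8-byte alignment
SAMPLE_ROWS = [(1, "alice@example.com"), (2, "card ending 4242")]  # constructed data

def build_sample_page(rows):
    """Construct a heap page of (int4, text) rows; stands in for a copied table file."""
    page = bytearray(PAGE_SIZE)
    lower, upper = struct.calcsize(PAGE_HDR), PAGE_SIZE
    for ident, text in rows:
        body = text.encode()
        # int4 column, then text as short varlena: 1-byte header = (total_len << 1) | 1
        data = struct.pack("<i", ident) + bytes([((len(body) + 1) << 1) | 1]) + body
        tup = bytearray(TUPLE_HDR_LEN) + data
        tup[22] = TUPLE_HDR_LEN                  # t_hoff: offset where user data starts
        upper = (upper - len(tup)) & ~7          # tuples fill the page from the end
        page[upper:upper + len(tup)] = tup
        # ItemIdData: lp_off (15 bits) | lp_flags (2 bits, 1 = LP_NORMAL) | lp_len (15 bits)
        struct.pack_into("<I", page, lower, upper | (1 << 15) | (len(tup) << 17))
        lower += 4
    # pd_lsn (2 x uint32), checksum, flags, pd_lower, pd_upper, pd_special, size|version, prune_xid
    struct.pack_into(PAGE_HDR, page, 0, 0, 0, 0, 0, lower, upper, PAGE_SIZE, PAGE_SIZE | 4, 0)
    return bytes(page)

def read_rows(page):
    """Recover (int4, text) rows from raw page bytes using only the file format."""
    pd_lower = struct.unpack_from(PAGE_HDR, page, 0)[4]
    rows = []
    for pos in range(struct.calcsize(PAGE_HDR), pd_lower, 4):
        (item,) = struct.unpack_from("<I", page, pos)
        lp_off, lp_flags, lp_len = item & 0x7FFF, (item >> 15) & 3, item >> 17
        if lp_flags != 1:                        # skip unused, redirected, dead pointers
            continue
        tup = page[lp_off:lp_off + lp_len]
        data = tup[tup[22]:]                     # user data begins at t_hoff
        (ident,) = struct.unpack_from("<i", data, 0)
        vlen = data[4] >> 1                      # varlena length, header byte included
        rows.append((ident, data[5:4 + vlen].decode()))
    return rows

if __name__ == "__main__":
    print(read_rows(build_sample_page(SAMPLE_ROWS)))
```

The database password only gates connections to a running server; it is not a key for the files, which is why volume encryption stops protecting them once the volume is unlocked or the files are copied out of it.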