| From: | "Owen Jacobson" <ojacobson(at)osl(dot)com> |
|---|---|
| To: | <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: Fwd: How to encrypt a column |
| Date: | 2005-08-11 20:50:45 |
| Message-ID: | 000901c59eb6$5977b120$9b00015a@osl.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Jeff Lu wrote:
> Hi,
>
> I'm interested in encrypting an column in table. Are there any
> example using "C" to create the encrypted column, inserting and
> retreiving data to/from it?
>
> the table is:
> CREATE TABLE mytable (
> id SERIAL PRIMARY KEY,
> crypted_content BYTEA
> );
>
> I'm getting (null) in the field with the following sql statement:
>
> strcpy(data, "data to be encrypted");
> sprintf(query_buff, "insert into mytable values('%s', '%s')", key,
Try printing out the contents of 'query_buff' here. You shouldn't be
getting NULLs in the table, but you may well be getting '' (the empty
string) if encrypt(data, 'foo', 'bar') returns "" or (char *) (0).
> encrypt(data, 'foo', 'bar'));
> PQexec(conn, query_string);
Even better, don't do it this way. This is potentially open to SQL
injection attacks and definitely open to problems with "interesting" values
of key.
Look up PQprepare/PQexecParams for separating the query string from the
values. I use ODBC indirectly, so I can't help you directly, but the docs
at
<http://www.postgresql.org/docs/current/static/libpq-exec.html#LIBPQ-EXEC-MA
IN>
should help.
> Another question is can the encrypted column be of type "text" ?
Can't see any reason why not, so long as the encrypted data is represented
as text.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hélder M. Vieira | 2005-08-11 21:26:13 | Re: Fwd: How to encrypt a column |
| Previous Message | Jeff Lu | 2005-08-11 20:39:22 | Fwd: How to encrypt a column |