From: | tomas(at)tuxteam(dot)de |
---|---|
To: | Bill Moran <wmoran(at)potentialtech(dot)com> |
Cc: | Sam Halliday <sam(dot)halliday(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: RFE: Transparent encryption on all fields |
Date: | 2009-04-24 19:45:26 |
Message-ID: | 20090424194526.GA28554@tomas |
Lists: | pgsql-hackers |
On Thu, Apr 23, 2009 at 10:38:55AM -0400, Bill Moran wrote:
[...]
> It's possible that this could be accomplished by something like Veil,
> or the built-in implementation that's coming in some future version of
> PG (is it scheduled for 8.5 at this point?)
>
> Anyway, if a Veil rule required the user to enter a password that would
> decrypt their key then store it in the session [...]

Still, I don't see much advantage in doing the decryption server-side --
and one disadvantage: if someone hijacks the "live" server, they have
your key.

(The only possible advantage would be indexing, but you would have to
solve tougher problems: how do you keep the index key protected?)

Regards
-- tomás