| From: | tomas(at)tuxteam(dot)de |
|---|---|
| To: | Marc Munro <marc(at)bloodnok(dot)com> |
| Cc: | tomas(at)tuxteam(dot)de, pgsql-hackers(at)postgresql(dot)org, wmoran(at)potentialtech(dot)com |
| Subject: | Re: RFE: Transparent encryption on all fields |
| Date: | 2009-04-24 19:50:28 |
| Message-ID: | 20090424195028.GB28554@tomas |
| Lists: | pgsql-hackers |
On Thu, Apr 23, 2009 at 01:31:39PM -0700, Marc Munro wrote:

[...]

> In principle it could be used in the way that Bill Moran suggests though
> I have never used it that way. I am somewhat suspicious of passing
> encryption keys to the database server as there is always the potential
> for them to be leaked.

Exactly.

> It is generally much safer to keep keys and the
> decryption process on a separate server.

Or just client-side. Minimum spread of knowledge. Decrypting fields
server-side gains us nothing which can't be achieved by encrypting the
whole data partition (this would protect us against the server being
stolen in a "shut down" state). And encrypting the partition gives us
indexing "as usual", which wouldn't be as easy to achieve with encrypted
fields.

Regards
-- tomás
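
The trade-off argued in the message above, as an added example that is not part of the original e-mail or of any tool discussed in the thread. It assumes PostgreSQL with the pgcrypto extension, which the message does not name; the table names, column names, values and passphrase are constructed.

```sql
-- Added illustration (assumes the pgcrypto extension; all names are constructed).
CREATE EXTENSION IF NOT EXISTS pgcrypto;

-- Variant A: field encrypted and decrypted on the server.
CREATE TABLE account_enc (
    id         serial PRIMARY KEY,
    secret_enc bytea NOT NULL
);

-- The passphrase is part of the statement text, so it reaches every place
-- statement text reaches: the server log when log_statement = 'all',
-- pg_stat_activity.query, and the server's memory while the call runs.
INSERT INTO account_enc (secret_enc)
VALUES (pgp_sym_encrypt('constructed-value-123', 'constructed-passphrase'));

-- pgp_sym_encrypt salts each message, so encrypting the same value twice
-- gives two different bytea results. An index on the ciphertext therefore
-- cannot answer "which row holds this value?".
CREATE INDEX account_enc_secret_idx ON account_enc (secret_enc);

-- The only way to search is to decrypt every row. The plan for this query
-- cannot use account_enc_secret_idx, and the passphrase is sent again.
EXPLAIN
SELECT id
FROM account_enc
WHERE pgp_sym_decrypt(secret_enc, 'constructed-passphrase') = 'constructed-value-123';

-- Variant B: plaintext column on an encrypted data partition.
-- Encryption happens below the database, no key appears in any statement,
-- and indexing works "as usual".
CREATE TABLE account_plain (
    id     serial PRIMARY KEY,
    secret text NOT NULL
);
CREATE INDEX account_plain_secret_idx ON account_plain (secret);

EXPLAIN
SELECT id FROM account_plain WHERE secret = 'constructed-value-123';

-- Variant C: client-side encryption. The application encrypts before sending,
-- so the server only ever stores and returns an opaque bytea parameter and
-- never sees a key. The indexing limitation of variant A still applies.
PREPARE store_secret(bytea) AS
    INSERT INTO account_enc (secret_enc) VALUES ($1);
```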