| From: | tomas(at)tuxteam(dot)de |
|---|---|
| To: | Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: New types for transparent encryption |
| Date: | 2009-07-07 10:17:26 |
| Message-ID: | 20090707101726.GA9083@tomas |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, Jul 07, 2009 at 05:35:28PM +0900, Itagaki Takahiro wrote:
> Our manual says we can use pgcrypto functions or encrypted filesystems
> for data encryption.
> http://www.postgresql.org/docs/8.4/static/encryption-options.html
As other posters have put it, I'd be very sceptical of server-side
decryption. If the server "has" all the necessary bits to decrypt the
data, all bets are off.
[encryption might be OK, with an asymmetrical scheme in the
vein of public key cryptography].
A client-side decryption (and maybe encryption as well) seems way more
attractive. For that, libpqtypes[1],[2] might come in very handy.
[1] <http://pgfoundry.org/projects/libpqtypes/>
[2] <http://libpqtypes.esilo.com/>
Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFKUyC2Bcgs9XrR2kYRAiJoAJ9426t1bMtZ90690cwU9X+F4GJZkgCfZsJ2
YIon8ulaHI64l5GKbDwV4hM=
=I9fS
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2009-07-07 10:20:12 | Re: Small foreign key error message improvement |
| Previous Message | Heikki Linnakangas | 2009-07-07 09:27:12 | Re: New types for transparent encryption |