Re: RFE: Transparent encryption on all fields

If it works without any change to client SQL queries and compatible with JPA,
then I'm all ears. Otherwise, I really think Sam Mason's idea was spot on...
it works around the inadequacies of encrypted drives and provides the same
level of on-server security.

Tomas Zerolo wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote:
>>
>>
>> Tomas Zerolo wrote:
>> >
>> >> If there were a way to prompt the user for the password to an
>> encrypted
>> >> drive on startup for all OS, with an equivalent for headless
>> machines...
>
> [...]
>
>> There is a difference between "it's possible" and "there is". I know of
>> no
>> such standard support of either of the standard OSes.
>
> Sorry. Denial doesn't help. It's not only "possible", it's being done
> all the time. Cf. <http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS>,
> for example. But you are attacking a strawman anyway.
>
> Client-side decryption matches much better what you had in mind -- and
> I think it's provably no less secure (and more convenient).
>
> The only hypothetical advantage of server-side encryption (there might
> be an opportunity of indexing) seems to be so mired in technical
> difficulties (if you want to avoid information leaks anyway) that I
> can't even imagine whether it's a real advantage.
>
> Regards
> - -- tomás
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJ9oriBcgs9XrR2kYRAj/CAJ9c1UERONoqYtjEj0N/aSp5IELFAgCffeTR
> nomoWcaFoE9fiYPD0EOr9To=
> =KevK
> -----END PGP SIGNATURE-----
>
> --
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-hackers
>
>

--
View this message in context: http://www.nabble.com/RFE%3A-Transparent-encryption-on-all-fields-tp23195216p23272501.html
Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.