Couldn't you just add a PGP based column (or similar encryption
protocol) for authentication? This would protect you against injection
attacks, would it not?
You could also use PGP or similar for key management if I'm not
mistaken.
-Will
-----Original Message-----
In response to Thomas Kellerer <spam_eater(at)gmx(dot)net>:
That was the first suggestion when we started brainstorming ideas.
Unfortunately, it fails to protect us from the most likely attack
vector: SQL Injection/application layer bugs. In an SQL Injection
(for example) the fact that the filesystem is encrypted does zero
to protect the sensitive data.