| From: | Marko Kreen <markokr(at)gmail(dot)com> |
|---|---|
| To: | Bricklen Anderson <banderson(at)presinet(dot)com> |
| Cc: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Page-Level Encryption |
| Date: | 2006-01-20 22:41:40 |
| Message-ID: | e51f66da0601201441g752b32c3l1895498a473aeeff@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 1/21/06, Bricklen Anderson <banderson(at)presinet(dot)com> wrote:
> Jim C. Nasby wrote:
> > I would highly recommend taking a look at how Oracle is handling
> > encryption in the database in 10.2 (or whatever they're calling it).
> > They've done a good job of thinking out how to handle things like
> > managing the keys.
> >
> > I know that Oracle magazine did an article on it recently; you should be
> > able to find that online somewhere.
>
> This link?
> http://www.oracle.com/technology/oramag/oracle/05-sep/o55security.html
Two points about it:
1) Their threat model is very clear - someone gets the backup.
2) They have focused on usbility from inside the database.
Thats all good, but IMHO such threat is more profitable to solve
by simply feeding pg_dump output to GnuPG. This has one important
advantage over Oracle solution - no secret key is needed for
regular operation. It is only needed for restore operation.
--
marko
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ron | 2006-01-20 22:46:34 | Re: [GENERAL] Creation of tsearch2 index is very slow |
| Previous Message | Martijn van Oosterhout | 2006-01-20 22:33:27 | Re: [GENERAL] Creation of tsearch2 index is very slow |