Skip site navigation (1) Skip section navigation (2)

Re: RFE: Transparent encryption on all fields

From: Marc Munro <marc(at)bloodnok(dot)com>
To: tomas(at)tuxteam(dot)de
Cc: pgsql-hackers(at)postgresql(dot)org, wmoran(at)potentialtech(dot)com
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-23 20:31:39
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
On Thu, 2009-04-23 at 16:08 -0300, pgsql-hackers-owner(at)postgresql(dot)org
> On Thu, Apr 23, 2009 at 10:38:55AM -0400, Bill Moran wrote:
> [...]
> > It's possible that this could be accomplished by something like
> Veil,
> Veil? Care to share an URL?

Veil is intended to enable implementation of virtual private databases.
It provides a bunch of primitives for managing bitmaps of privileges.
These privileges can be used to control access to individual rows within
a table.

In principle it could be used in the way that Bill Moran suggests though
I have never used it that way.  I am somewhat suspicious of passing
encryption keys to the database server as there is always the potential
for them to be leaked.  It is generally much safer to keep keys and the
decryption process on a separate server.



pgsql-hackers by date

Next:From: Peter EisentrautDate: 2009-04-23 21:31:39
Subject: Re: PL compilations ignores LDFLAGS
Previous:From: Zdenek KotalaDate: 2009-04-23 20:16:46
Subject: Re: PL compilations ignores LDFLAGS

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group