Skip site navigation (1) Skip section navigation (2)

Re: RFE: Transparent encryption on all fields

From: Marc Munro <marc(at)bloodnok(dot)com>
To: tomas(at)tuxteam(dot)de
Cc: pgsql-hackers(at)postgresql(dot)org, wmoran(at)potentialtech(dot)com
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-23 20:31:39
Message-ID: 1240518699.6517.14.camel@bloodnok.com (view raw or flat)
Thread:
Lists: pgsql-hackers
On Thu, 2009-04-23 at 16:08 -0300, pgsql-hackers-owner(at)postgresql(dot)org
wrote:
> On Thu, Apr 23, 2009 at 10:38:55AM -0400, Bill Moran wrote:
> 
> [...]
> 
> > It's possible that this could be accomplished by something like
> Veil,
> 
> Veil? Care to share an URL?

http://veil.projects.postgresql.org/curdocs/index.html

Veil is intended to enable implementation of virtual private databases.
It provides a bunch of primitives for managing bitmaps of privileges.
These privileges can be used to control access to individual rows within
a table.

In principle it could be used in the way that Bill Moran suggests though
I have never used it that way.  I am somewhat suspicious of passing
encryption keys to the database server as there is always the potential
for them to be leaked.  It is generally much safer to keep keys and the
decryption process on a separate server.

__
Marc

Responses

pgsql-hackers by date

Next:From: Peter EisentrautDate: 2009-04-23 21:31:39
Subject: Re: PL compilations ignores LDFLAGS
Previous:From: Zdenek KotalaDate: 2009-04-23 20:16:46
Subject: Re: PL compilations ignores LDFLAGS

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group