Skip site navigation (1) Skip section navigation (2)

Re: viewing source code

From: Andrew Sullivan <ajs(at)crankycanuck(dot)ca>
To: pgsql-performance(at)postgresql(dot)org
Subject: Re: viewing source code
Date: 2007-12-20 22:35:47
Message-ID: 20071220223547.GA4924@crankycanuck.ca (view raw or flat)
Thread:
Lists: pgsql-performance
On Thu, Dec 20, 2007 at 05:04:33PM -0500, Merlin Moncure wrote:
> right, right, thanks for the lecture.  I am aware of various issues
> with key management.

Sorry to come off that way.  It wasn't my intention to lecture, but rather
to try to stop dead a cure that, in my opinion, is rather worse than the
disease.

> I said 'simple' not 'good'. 

I think this is where we disagree.  It's simple only because it's no
security at all.  It's not that it's "not good for some purposes".  I'm
arguing that it's the sort of approach that shouldn't be used ever, period. 

We have learned, over and over again, that simple answers that might have
been good enough for a very narrow purpose inevitably get used for a
slightly wider case than that for which they're appropriate.  Anything that
involves storing the keys in the same repository as the encrypted data is
just begging to be misused that way.

> I am not making a proposal here and you don't have to denigrate my
> broad suggestion on a technical detail which is quite distracting from
> the real issue at hand, btw.  

This isn't a technical detail that I'm talking about: it's a very serious
mistake in the entire approach to which you alluded, and goes to the heart
of why I think any talk of somehow encrypting or otherwise obfuscating the
contents of pg_proc are a bad idea.  Column controls based on user roles are
another matter, because they'd be part of the access control system in the
DBMS.

Best,

A

In response to

pgsql-performance by date

Next:From: Greg SmithDate: 2007-12-20 22:51:33
Subject: Re: viewing source code
Previous:From: Alvaro HerreraDate: 2007-12-20 22:28:21
Subject: Re: viewing source code

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group