Skip site navigation (1) Skip section navigation (2)

Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in P

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: sanjay sharma <sanksh(at)hotmail(dot)com>
Cc: Heikki Linnakangas <heikki(at)enterprisedb(dot)com>, "Jonah H(dot) Harris" <jonah(dot)harris(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in P
Date: 2008-04-01 23:43:11
Message-ID: 200804012343.m31NhB728149@momjian.us (view raw or flat)
Thread:
Lists: pgsql-hackers
sanjay sharma wrote:
> 
> Hello Heikki,
> 
> Although the solution could be implemented using views and
> functions and I am implementing a reference application using
> this approach but TDE can greatly reduce the design and maintenance
> complexcity. It would also take care of data protection in
> backups and archives.  You are correct to identify that TDE may
> not provide complete data security required for data like credit
> crad details but TDE seems to be ideally suited to take care of
> data privacy issues. Major chunk of the private data is of no
> interest to hackers and criminals but needs protection only from
> casual observers. To implement a full data security infrastucture
> to protect only privacy issues seems to be overkill. Compliance
> requirement for storing private data arises from each organizations
> own declared privacy policies and statutory bodies like privacy
> commissioners and other privacy watchdogs. These standards are
> not as strict as PCI, HIPPA or Sarnabes-Oxley
> 
> Compliance with HIPPA regulation requires not only maintaining
> all records of who created and updated the record but also who
> accessed and viewed records, when and in what context.

Agreed, the bottom line is that the tools needed to do what you want are
there, but they are probably more complex to implement than in Oracle. 
We probably offer fewer canned solutions than Oracle, but more
flexibility.

--
  Bruce Momjian  <bruce(at)momjian(dot)us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +

In response to

pgsql-hackers by date

Next:From: Greg SmithDate: 2008-04-01 23:53:23
Subject: Re: New boxes available for QA
Previous:From: Andrew DunstanDate: 2008-04-01 22:40:24
Subject: column level privileges

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group