Re: RFE: Transparent encryption on all fields

From: Sam Halliday <sam(dot)halliday(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-28 08:24:45
Message-ID: 23272501.post@talk.nabble.com
Lists: pgsql-hackers
If it works without any change to client SQL queries and is compatible with JPA,
then I'm all ears. Otherwise, I really think Sam Mason's idea was spot on...
it works around the inadequacies of encrypted drives and provides the same
level of on-server security.


Tomas Zerolo wrote:
> 
> On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote:
>> 
>> 
>> Tomas Zerolo wrote:
>> > 
>> >> If there were a way to prompt the user for the password to an encrypted
>> >> drive on startup for all OS, with an equivalent for headless machines...
> 
> [...]
> 
>> There is a difference between "it's possible" and "there is". I know of no
>> such standard support of either of the standard OSes.
> 
> Sorry. Denial doesn't help. It's not only "possible", it's being done
> all the time. Cf. <http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS>,
> for example. But you are attacking a strawman anyway.
> 
> Client-side decryption matches much better what you had in mind -- and
> I think it's provably no less secure (and more convenient).
> 
> The only hypothetical advantage of server-side encryption (there might
> be an opportunity of indexing) seems to be so mired in technical
> difficulties (if you want to avoid information leaks anyway) that I
> can't even imagine whether it's a real advantage.
> 
> Regards
> - -- tomás
