Skip site navigation (1) Skip section navigation (2)

Re: RFE: Transparent encryption on all fields

From: Sam Halliday <sam(dot)halliday(at)gmail(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-28 08:24:45
Message-ID: (view raw or whole thread)
Lists: pgsql-hackers
If it works without any change to client SQL queries and compatible with JPA,
then I'm all ears. Otherwise, I really think Sam Mason's idea was spot on...
it works around the inadequacies of encrypted drives and provides the same
level of on-server security.

Tomas Zerolo wrote:
> Hash: SHA1
> On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote:
>> Tomas Zerolo wrote:
>> > 
>> >> If there were a way to prompt the user for the password to an
>> encrypted 
>> >> drive on startup for all OS, with an equivalent for headless
>> machines... 
> [...]
>> There is a difference between "it's possible" and "there is". I know of
>> no
>> such standard support of either of the standard OSes.
> Sorry. Denial doesn't help. It's not only "possible", it's being done
> all the time. Cf. <>,
> for example. But you are attacking a strawman anyway.
> Client-side decryption matches much better what you had in mind -- and
> I think it's provably no less secure (and more convenient).
> The only hypothetical advantage of server-side encryption (there might
> be an opportunity of indexing) seems to be so mired in technical
> difficulties (if you want to avoid information leaks anyway) that I
> can't even imagine whether it's a real advantage.
> Regards
> - -- tomás
> Version: GnuPG v1.4.6 (GNU/Linux)
> iD8DBQFJ9oriBcgs9XrR2kYRAj/CAJ9c1UERONoqYtjEj0N/aSp5IELFAgCffeTR
> nomoWcaFoE9fiYPD0EOr9To=
> =KevK
> -- 
> Sent via pgsql-hackers mailing list (pgsql-hackers(at)postgresql(dot)org)
> To make changes to your subscription:

View this message in context:
Sent from the PostgreSQL - hackers mailing list archive at

In response to

pgsql-hackers by date

Next:From: higeponDate: 2009-04-28 08:32:14
Subject: Re: Extra cost of "lossy mode" Bitmap Scan plan
Previous:From: Greg StarkDate: 2009-04-28 07:51:16
Subject: Re: Extra cost of "lossy mode" Bitmap Scan plan

Privacy Policy | About PostgreSQL
Copyright © 1996-2015 The PostgreSQL Global Development Group