| From: | Greg Stark <gsstark(at)mit(dot)edu> |
|---|---|
| To: | Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
| Cc: | tomas(at)tuxteam(dot)de, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: New types for transparent encryption |
| Date: | 2009-07-08 05:56:59 |
| Message-ID: | 407d949e0907072256r615a043cuada058c7a5210b52@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Wed, Jul 8, 2009 at 6:43 AM, Itagaki
Takahiro<itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> wrote:
>
> tomas(at)tuxteam(dot)de wrote:
>
>> As other posters have put it, I'd be very sceptical of server-side
>> decryption. If the server "has" all the necessary bits to decrypt the
>> data, all bets are off.
>
> Server can access both encrypted data and its password, but we can put
> them in different disk drives. We cannot decrypt the data unless we have
> all copies of the drives.
I thought the proposal was to have a GUC variable with the password,
so it would be purely in memory. I had assumed the application would
have the password and call SET early in the connection. Perhaps only
certain components of the database would actually have access to the
password. That makes a lot more sense in these ajaxy soapy days of web
2.0 where perhaps only the payment processing soap service would
actually have the password to encrypt credit card details. (Though in
that case I would expect the soap service to do the encryption
itself....)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2009-07-08 06:04:15 | Re: Re: Synch Rep: direct transfer of WAL file from the primary to the standby |
| Previous Message | Brendan Jurd | 2009-07-08 05:44:45 | Re: [HACKERS] commitfest.postgresql.org |