On Dec 20, 2007 3:52 PM, Andrew Sullivan <ajs(at)crankycanuck(dot)ca> wrote:
> On Thu, Dec 20, 2007 at 03:35:42PM -0500, Merlin Moncure wrote:
> > Key management is an issue but easily solved. Uber simple solution is
> > to create a designated table holding the key(s) and use classic
> > permissions to guard it.
> Any security expert worth the title would point and laugh at that
> suggestion. If the idea is that the contents have to be encrypted to
> protect them, then it is just not acceptable to have the encryption keys
> online. That's the sort of "security" that inevitably causes programs to
> get a reputation for ill-thought-out protections.
right, right, thanks for the lecture. I am aware of various issues
with key management.
I said 'simple' not 'good'. there are many stronger things, like
forcing the key to be passed in for each invocation, hmac, etc. etc.
I am not making a proposal here and you don't have to denigrate my
broad suggestion on a technical detail which is quite distracting from
the real issue at hand, btw. I was just suggesting something easy to
stop casual browsing. If you want to talk specifics, we can talk
In response to
pgsql-performance by date
|Next:||From: S Golly||Date: 2007-12-20 22:06:55|
|Subject: performance index scan vs bitmap-seq scan.|
|Previous:||From: Andrew Sullivan||Date: 2007-12-20 21:29:04|
|Subject: Re: viewing source code|