Skip site navigation (1) Skip section navigation (2)

Re: viewing source code

From: "Merlin Moncure" <mmoncure(at)gmail(dot)com>
To: "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-performance(at)postgresql(dot)org
Subject: Re: viewing source code
Date: 2007-12-20 22:04:33
Message-ID: b42b73150712201404i2058c7a2y8a837f30a1f4a2@mail.gmail.com (view raw or flat)
Thread:
Lists: pgsql-performance
On Dec 20, 2007 3:52 PM, Andrew Sullivan <ajs(at)crankycanuck(dot)ca> wrote:
> On Thu, Dec 20, 2007 at 03:35:42PM -0500, Merlin Moncure wrote:
> >
> > Key management is an issue but easily solved.  Uber simple solution is
> > to create a designated table holding the key(s) and use classic
> > permissions to guard it.
>
> Any security expert worth the title would point and laugh at that
> suggestion.  If the idea is that the contents have to be encrypted to
> protect them, then it is just not acceptable to have the encryption keys
> online.  That's the sort of "security" that inevitably causes programs to
> get a reputation for ill-thought-out protections.

right, right, thanks for the lecture.  I am aware of various issues
with key management.

I said 'simple' not 'good'. there are many stronger things, like
forcing the key to be passed in for each invocation, hmac, etc. etc.
I am not making a proposal here and you don't have to denigrate my
broad suggestion on a technical detail which is quite distracting from
the real issue at hand, btw.  I was just suggesting something easy to
stop casual browsing.  If you want to talk specifics, we can talk
specifics...

merlin

In response to

Responses

pgsql-performance by date

Next:From: S GollyDate: 2007-12-20 22:06:55
Subject: performance index scan vs bitmap-seq scan.
Previous:From: Andrew SullivanDate: 2007-12-20 21:29:04
Subject: Re: viewing source code

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group