Re: RFE: Transparent encryption on all fields

From: tomas(at)tuxteam(dot)de
To: Sam Halliday <sam(dot)halliday(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-23 14:35:49
Message-ID: 20090423143549.GA21006@tomas
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Apr 23, 2009 at 12:43:30PM +0100, Sam Halliday wrote:
> Dear pgsql hackers,
>
> The encryption options
>
> http://www.postgresql.org/docs/8.3/static/encryption-options.html

[...]

> If it were feasible, a transparent crypto on all fields for a given
> database would be just the trick! Connections to such databases could
> require a key as well as the user login [...]

If I understand you correctly you are proposing to do the decryption
server-side. This doesn't seem to make much sense (at least not beyond
encrypting the partition where the data is). Either the machine is
stolen when shut down, or the machine is "stolen" when running. In the
first case you are fine, in the second you are lost. It's the same as
with an encrypted partition.

Providing the key/passphrase to unlock the partition is possible over
the net.

Keeping the (at least the decryption) key client-side makes much more
sense (and you can provide different clients with different keys). The
only drawback is when you need an index over an encrypted field :-(

Regards
- -- tomás

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJ8HzFBcgs9XrR2kYRAlcMAJ4irB6+J0/8KxSpDFKCidRyVkA6cgCeKSBi
UqMNLQ1QLrYGsb0YZ+d1aNY=
=RSOK
-----END PGP SIGNATURE-----

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kevin Grittner 2009-04-23 14:36:25 Re: Prepared transactions vs novice DBAs, again
Previous Message Fujii Masao 2009-04-23 14:29:16 Re: Synch Replication: Synchronization of files between Primary & Standby