
Re: RFE: Transparent encryption on all fields

From: tomas(at)tuxteam(dot)de
To: Sam Halliday <sam(dot)halliday(at)gmail(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: RFE: Transparent encryption on all fields
Date: 2009-04-28 04:49:38
Message-ID: 20090428044938.GA16936@tomas
Lists: pgsql-hackers

On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote:
> Tomas Zerolo wrote:
> > 
> >> If there were a way to prompt the user for the password to an encrypted 
> >> drive on startup for all OS, with an equivalent for headless machines... 


> There is a difference between "it's possible" and "there is". I know of no
> such standard support of either of the standard OSes.

Sorry. Denial doesn't help. It's not only "possible", it's being done
all the time. Cf. <>,
for example. But you are attacking a strawman anyway.

Client-side decryption matches much better what you had in mind -- and
I think it's provably no less secure (and more convenient).

The only hypothetical advantage of server-side encryption (there might
be an opportunity of indexing) seems to be so mired in technical
difficulties (if you want to avoid information leaks anyway) that I
can't even imagine whether it's a real advantage.

-- tomás

