Re: How to revoke privileged from PostgreSQL's superuser

On Fri, Aug 10, 2018 at 10:34:26PM -0400, Rui DeSousa wrote:
> With that logic then you should use flat files for encrypted data and
> unencrypted data. It’s what was done many moons ago; and its unstructured
> haphazard approach gave rise to RDBMS systems.
>
> You cannot say that encrypted data does not belong in a RDBMS system… that is
> just false. Hell, I’ve stored blobs in a RDMBS system which could have easily
> been stored in a different system if need be. It’s a design choice and what
> fits the application and budget needs.
>
> Encrypting sensitive information and storing in the database is a valid use
> case. It may be only a few columns that are encrypted or a complete document
> (blob); there is no need to increase complexity just to move those columns out
> of the database.

I think the point is that it makes sense to store data encrypted in a
database only if it is a payload on another piece of non-encrypted data.
You can't easily index, restrict, or join encrypted data, so it doesn't
have a huge value alone in a database.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com

+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +