Re: New types for transparent encryption

From: Greg Stark <gsstark(at)mit(dot)edu>
To: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
Cc: Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: New types for transparent encryption
Date: 2009-07-07 09:23:45
Message-ID: 407d949e0907070223m141149d5if8a432b81d2f83ad@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Jul 7, 2009 at 10:09 AM, Heikki
Linnakangas<heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
>
> What kind of attacks would this protect against? Seems a bit pointless
> to me if the password is being sent to the server anyway. If the
> attacker has superuser access to the server, he can harvest the
> passwords as the clients send them in. If he doesn't, the usual access
> controls with GRANT/REVOKE would be enough.

It would still protect against offline attacks such as against backup files.

--
greg
http://mit.edu/~gsstark/resume.pdf

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Kedar Potdar 2009-07-07 09:26:51 Re: Patch for automating partitions in PostgreSQL 8.4 Beta 2
Previous Message Heikki Linnakangas 2009-07-07 09:09:49 Re: New types for transparent encryption