| From: | "Douglas McNaught" <doug(at)mcnaught(dot)org> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "sanjay sharma" <sanksh(at)hotmail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres |
| Date: | 2008-03-30 21:37:43 |
| Message-ID: | 5ded07e00803301437n28abb52ay38ad5cf1653bd726@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Mar 30, 2008 at 4:36 PM, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> sanjay sharma <sanksh(at)hotmail(dot)com> writes:
> > 1. Transparent Data Encryption: The column which needs to be stored in encrypted form can be specified through DDL. The encryption key can be stored in a secure file accessible through a pass phrase. That particular column would apper in encrypted form for all users except the users specified through a grant to see the data in decrypted form.
>
> Exactly what threat do you see this protecting against, that wouldn't be
> better solved by SQL-standard features like column-level access
> permissions?
Yes. And if you're concerned about people getting access to the raw
data files, put $PGDATA on an encrypted partition.
-Doug
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jonah H. Harris | 2008-03-30 23:10:48 | Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres |
| Previous Message | Tom Lane | 2008-03-30 21:34:21 | Re: Connection to PostgreSQL Using Certificate: Wrong Permissions on Private Key File |