Re: Transparent encryption in PostgreSQL?

Doesn't that really only save you from having someone come in at the OS
level and copying your data files and than moutning them on a differet
server/database. A person could still come in to psql as a dba or anyone for
that matter with the proper select grants and query off that data and see it
in encrypted.

Not that this helps here but Oracle just implemented row level encryption in
10g release 2. In simple form everything has a key and for you to view the
data from anywhere including sql plus(it's like psql) you need the correct
key to decrypt it(I'm pulling this from my head after haveing read this some
time ago). This all happens on the fly. Of course there will be performance
hits for this but for today's world where the weakest link is usually an
internal employee with access to all the data the only way to keep people
from seeing it is a setup that encrypts it at the cost of performance. Maybe
the Oracle method is something that can make it's way to Postgresql over
time. If there isn't a third party patch that already does this.

On 7/13/05, Joshua D. Drake <jd(at)commandprompt(dot)com> wrote:
>
>
> > My sense is that this is a difficult problem. However, I made the
> > mistake of promising this functionality,
>
> Well it isn't that difficult except that you need some level of two way
> encryption and it is going to be a performance nightmare.
>
> I would suggest instead just mounting postgresql on an encrypted
> filesystem.
>
> Sincerely,
>
> Joshua D. Drake
>
>
> > so I'm scrambling to figure out some kind of solution. Any
> > suggestions?
> >
> > Thanks so much!
> >
> > Matt
>
>
> --
> Your PostgreSQL solutions provider, Command Prompt, Inc.
> 24x7 support - 1.800.492.2240, programming, and consulting
> Home of PostgreSQL Replicator, plPHP, plPerlNG and pgPHPToolkit
> http://www.commandprompt.com / http://www.postgresql.org
>
> ---------------------------(end of broadcast)---------------------------
> TIP 5: don't forget to increase your free space map settings
>