| From: | "Merlin Moncure" <mmoncure(at)gmail(dot)com> |
|---|---|
| To: | "Andrew Sullivan" <ajs(at)crankycanuck(dot)ca>, pgsql-performance(at)postgresql(dot)org |
| Subject: | Re: viewing source code |
| Date: | 2007-12-20 22:04:33 |
| Message-ID: | b42b73150712201404i2058c7a2y8a837f30a1f4a2@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-performance |
On Dec 20, 2007 3:52 PM, Andrew Sullivan <ajs(at)crankycanuck(dot)ca> wrote:
> On Thu, Dec 20, 2007 at 03:35:42PM -0500, Merlin Moncure wrote:
> >
> > Key management is an issue but easily solved. Uber simple solution is
> > to create a designated table holding the key(s) and use classic
> > permissions to guard it.
>
> Any security expert worth the title would point and laugh at that
> suggestion. If the idea is that the contents have to be encrypted to
> protect them, then it is just not acceptable to have the encryption keys
> online. That's the sort of "security" that inevitably causes programs to
> get a reputation for ill-thought-out protections.
right, right, thanks for the lecture. I am aware of various issues
with key management.
I said 'simple' not 'good'. there are many stronger things, like
forcing the key to be passed in for each invocation, hmac, etc. etc.
I am not making a proposal here and you don't have to denigrate my
broad suggestion on a technical detail which is quite distracting from
the real issue at hand, btw. I was just suggesting something easy to
stop casual browsing. If you want to talk specifics, we can talk
specifics...
merlin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | S Golly | 2007-12-20 22:06:55 | performance index scan vs bitmap-seq scan. |
| Previous Message | Andrew Sullivan | 2007-12-20 21:29:04 | Re: viewing source code |