Re: Page-Level Encryption

From: David Blewett
Subject: Re: Page-Level Encryption
Date:
Msg-id 20060120154704.yiiazu5sg78ks4oo@mail.dawninglight.net
In reply to: Re: Page-Level Encryption  (Scott Marlowe <smarlowe@g2switchworks.com>)
Responses: Re: Page-Level Encryption  (Scott Marlowe <smarlowe@g2switchworks.com>)
List: pgsql-general
Quoting Scott Marlowe <smarlowe@g2switchworks.com>:

>> Having the table containing the index, or the database object,
>> encrypted would protect against system admins,
>
> IF they've got root, and the unencrypted data or the password / key is
> on the machine or in memory on it, you've lost.  It may make it harder
> for them to get it, but they can.


The password shouldn't be saved anywhere; it should be entered manually
when the application starts. Or, only store it on secure removable
media. But it would be better than the options that exist today. You're
right; there is no perfect security, especially when the box has been
rooted. They would have to get root while the machine is powered on,
the database engine is running, and the user was authenticated and
logged in. It might be possible to implement a "kill" switch, where
upon receipt of a signal the user would be logged out and the memory
scrubbed of the private key data.

David
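
The "kill" switch idea from the message above, sketched as an added example (not code from the post or from PostgreSQL): a key supplied at startup is held only in a memory-locked buffer and zeroed when the process receives a signal. The choice of SIGUSR1, the 32-byte key length and all function names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <sys/mman.h>

#define KEY_LEN 32  /* assumed key size for this example */

/* The only copy of the key; volatile so the wipe stores are never elided. */
static volatile unsigned char g_key[KEY_LEN];
static volatile sig_atomic_t g_key_loaded = 0;

/* Wipe the key. Calls no library functions, so it is usable in a handler. */
static void scrub_key(void) {
    for (size_t i = 0; i < KEY_LEN; i++) g_key[i] = 0;
    g_key_loaded = 0;  /* callers treat this as "user logged out" */
}

static void on_kill_switch(int signo) { (void)signo; scrub_key(); }

/* Install a key entered at startup. Returns 0 on success, -1 on bad length. */
int key_load(const unsigned char *src, size_t len) {
    if (len != KEY_LEN) return -1;
    /* Best effort: keep the key page out of swap (may fail under RLIMIT_MEMLOCK). */
    (void)mlock((const void *)g_key, KEY_LEN);
    for (size_t i = 0; i < KEY_LEN; i++) g_key[i] = src[i];
    g_key_loaded = 1;
    return 0;
}

/* Register the kill switch on SIGUSR1 (assumed signal). Returns 0 on success. */
int kill_switch_install(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_kill_switch;
    sigemptyset(&sa.sa_mask);
    return sigaction(SIGUSR1, &sa, NULL);
}

int key_is_loaded(void) { return g_key_loaded; }

/* Returns 1 if every byte of the key buffer is zero. */
int key_is_zeroed(void) {
    unsigned char acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= g_key[i];
    return acc == 0;
}
```

This only clears the buffer it owns; copies of the key made elsewhere (the caller's input buffer, crypto library contexts) need the same treatment.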


