Quoting "Joshua D. Drake" <jd@commandprompt.com>:
>
>> IF they've got root, and the unencrypted data or the password / key is
>> on the machine or in memory on it, you've lost. It may make it harder
>> for them to get it, but they can.
> This is true but in answer to your question you can use something like
> cryptfs. Note that you will loose performance.
>
> Joshua D. Drake
I'm looking for something that runs *inside* of Postgres, at a higher
level than a loop-back encrypted volume. This way, it would only be
available when the database engine was running, and ideally only
accessible to an authenticated/logged in user.
David