Re: RFE: Transparent encryption on all fields
От | tomas@tuxteam.de |
---|---|
Тема | Re: RFE: Transparent encryption on all fields |
Дата | |
Msg-id | 20090424194526.GA28554@tomas обсуждение исходный текст |
Ответ на | Re: RFE: Transparent encryption on all fields (Bill Moran <wmoran@potentialtech.com>) |
Ответы |
Re: RFE: Transparent encryption on all fields
|
Список | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Apr 23, 2009 at 10:38:55AM -0400, Bill Moran wrote: [...] > It's possible that this could be accomplished by something like Veil, > or the built-in implementation that's coming in some future version of > PG (is it scheduled for 8.5 at this point?) > > Anyway, if a Veil rule required the user to enter a password that would > decrypt their key then store it in the session [...] Still, I don't see much advantage in doing the decryption server-side -- and one disadvantage: if someone hijacks the "live" server, they have your key. (The only possible addvantage would be indexing, but you would have to solve tougher problems: how do you keep the index key protected? Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJ8hbWBcgs9XrR2kYRAvChAJ9LMYjO1P0T5nB45ChooYBMxQHbvgCeJBfM sqIJ9JMMZ0BNdsW2/XmxFOU= =yqq/ -----END PGP SIGNATURE-----
В списке pgsql-hackers по дате отправления: