Re: RFE: Transparent encryption on all fields
От | tomas@tuxteam.de |
---|---|
Тема | Re: RFE: Transparent encryption on all fields |
Дата | |
Msg-id | 20090424195028.GB28554@tomas обсуждение исходный текст |
Ответ на | Re: RFE: Transparent encryption on all fields (Marc Munro <marc@bloodnok.com>) |
Ответы |
Re: RFE: Transparent encryption on all fields
|
Список | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Apr 23, 2009 at 01:31:39PM -0700, Marc Munro wrote: [...] > In principle it could be used in the way that Bill Moran suggests though > I have never used it that way. I am somewhat suspicious of passing > encryption keys to the database server as there is always the potential > for them to be leaked. Exactly. > It is generally much safer to keep keys and the > decryption process on a separate server. Or just client-side. Minimum spread of knowledge. Decrypting fields server-side gains us nothing which can't be achieved by encrypting the whole data partition (this would protect us against the server being stolen in a "shut down" state). And encrypting the partition gives us indexing "as usual", which wouldn't be as easy to achieve with encrypted fields. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJ8hgEBcgs9XrR2kYRAju5AJ4pRma6bOffFIDAf7yAzrS6vjMo6gCfW7r0 E5qa+P3hDT78qKrzLpWEi2Y= =b8/v -----END PGP SIGNATURE-----
В списке pgsql-hackers по дате отправления: