Re: RFE: Transparent encryption on all fields

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Apr 23, 2009 at 01:31:39PM -0700, Marc Munro wrote:

[...]

> In principle it could be used in the way that Bill Moran suggests though
> I have never used it that way.  I am somewhat suspicious of passing
> encryption keys to the database server as there is always the potential
> for them to be leaked.

Exactly.

>                         It is generally much safer to keep keys and the
> decryption process on a separate server.

Or just client-side. Minimum spread of knowledge. Decrypting fields
server-side gains us nothing which can't be achieved by encrypting the
whole data partition (this would protect us against the server being
stolen in a "shut down" state). And encrypting the partition gives us
indexing "as usual", which wouldn't be as easy to achieve with encrypted
fields.

Regards
- -- tomás
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJ8hgEBcgs9XrR2kYRAju5AJ4pRma6bOffFIDAf7yAzrS6vjMo6gCfW7r0
E5qa+P3hDT78qKrzLpWEi2Y=
=b8/v
-----END PGP SIGNATURE-----