Re: RFE: Transparent encryption on all fields
От | tomas@tuxteam.de |
---|---|
Тема | Re: RFE: Transparent encryption on all fields |
Дата | |
Msg-id | 20090428044938.GA16936@tomas обсуждение исходный текст |
Ответ на | Re: RFE: Transparent encryption on all fields (Sam Halliday <sam.halliday@gmail.com>) |
Ответы |
Re: RFE: Transparent encryption on all fields
|
Список | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote: > > > Tomas Zerolo wrote: > > > >> If there were a way to prompt the user for the password to an encrypted > >> drive on startup for all OS, with an equivalent for headless machines... [...] > There is a difference between "it's possible" and "there is". I know of no > such standard support of either of the standard OSes. Sorry. Denial doesn't help. It's not only "possible", it's being done all the time. Cf. <http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS>, for example. But you are attacking a strawman anyway. Client-side decryption matches much better what you had in mind -- and I think it's provably no less secure (and more convenient). The only hypothetical advantage of server-side encryption (there might be an opportunity of indexing) seems to be so mired in technical difficulties (if you want to avoid information leaks anyway) that I can't even imagine whether it's a real advantage. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJ9oriBcgs9XrR2kYRAj/CAJ9c1UERONoqYtjEj0N/aSp5IELFAgCffeTR nomoWcaFoE9fiYPD0EOr9To= =KevK -----END PGP SIGNATURE-----
В списке pgsql-hackers по дате отправления: