Re: New types for transparent encryption
| От | tomas@tuxteam.de |
|---|---|
| Тема | Re: New types for transparent encryption |
| Дата | |
| Msg-id | 20090707101726.GA9083@tomas обсуждение исходный текст |
| Ответ на | New types for transparent encryption (Itagaki Takahiro <itagaki.takahiro@oss.ntt.co.jp>) |
| Ответы |
Re: New types for transparent encryption
|
| Список | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, Jul 07, 2009 at 05:35:28PM +0900, Itagaki Takahiro wrote: > Our manual says we can use pgcrypto functions or encrypted filesystems > for data encryption. > http://www.postgresql.org/docs/8.4/static/encryption-options.html As other posters have put it, I'd be very sceptical of server-side decryption. If the server "has" all the necessary bits to decrypt the data, all bets are off. [encryption might be OK, with an asymmetrical scheme in the vein of public key cryptography]. A client-side decryption (and maybe encryption as well) seems way more attractive. For that, libpqtypes[1],[2] might come in very handy. [1] <http://pgfoundry.org/projects/libpqtypes/> [2] <http://libpqtypes.esilo.com/> Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFKUyC2Bcgs9XrR2kYRAiJoAJ9426t1bMtZ90690cwU9X+F4GJZkgCfZsJ2 YIon8ulaHI64l5GKbDwV4hM= =I9fS -----END PGP SIGNATURE-----
В списке pgsql-hackers по дате отправления: