Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in P
От | sanjay sharma |
---|---|
Тема | Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in P |
Дата | |
Msg-id | BAY116-W19732D66E56E8E76701294C3FA0@phx.gbl обсуждение исходный текст |
Ответ на | Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres ("Jonah H. Harris" <jonah.harris@gmail.com>) |
Ответы |
Re: Submission of Feature Request : RFC- for Implementing
Transparent Data Encryption in P
(Heikki Linnakangas <heikki@enterprisedb.com>)
|
Список | pgsql-hackers |
Hey Jonah,<br /> <br /> You are correct. I have worked with oracle for a long time and only recently started working withPostgres. I am quite satisfied that Postgres is able to deliver me most of the features/ services which Oracle used todeliver but at much reduced cost.This is very helpful in pushing Postgres towards enterprise core infrastructure. Howeverthere are certain fetures which are becoming key for putting postgres in areas where strong regulatory complianceis required.<br />TDE is very helpful in storing data where there is strict privacy compliance requirement forexample e.Government and e.Health. All columns of personal profile/health data do not need same level of security forall users and applications. Selective data encryption is very handy in an architecture where different applications arepulling data from a central data repository for processing and presenting to their users or where different users arechanging different part of data set in central repository. These departmental applications may contain keys for decryptingand looking at only those columns needed by their users. Encrypting just needed column takes care of compliancerequirement down the line in backups and archives.<br /> Another area where I would like to put a RFC is Auditing.A flag at the database level (conf file) or in DDL which puts audit columns ( created_by, creation_date, last_updated_by,last_update_date) on tables and automatically populates them would be a very nice standard feature. Currentlythis needs code/trigger to be duplicated at each table which is a big grunt. At furthur higher level a way to auditdata access/view for regulatory complinace like HIPPA is also needed.This should not be copy of Oracle FGA which hasits own limitations. <br /> I welcome everyone to to send their vies on the issue.<br /> <br /> Cheers<br /> <br />Sanjay<br /><br /><br />> Date: Sun, 30 Mar 2008 19:10:48 -0400<br />> From: jonah.harris@gmail.com<br />> To:sanksh@hotmail.com<br />> Subject: Re: [HACKERS] Submission of Feature Request : RFC- for Implementing TransparentData Encryption in Postgres<br />> CC: pgsql-hackers@postgresql.org<br />> <br />> On Sun, Mar 30, 2008at 2:52 PM, sanjay sharma <sanksh@hotmail.com> wrote:<br />> > 1. Transparent Data Encryption: The columnwhich needs to be stored in<br />> > encrypted form can be specified through DDL.<br />> <br />> Hey Sanjay.Based on your wording, you've probably used Oracle's TDE<br />> and want to implement it in PG. Unfortunately,nine times out of ten,<br />> cool Oracle features aren't seen as cool in this crowd. Looking at<br />>your responses, there's an obvious misunderstanding in regard to<br />> security (column-level access != encryption),and of performance<br />> (encrypt the whole thing and pay a heavy price on *all* accesses<br />> insteadof only granular accesses to only the column(s) you're<br />> encrypting).<br />> <br />> Regardless, ifyou want to get a feature into PG, you need to first<br />> come up with a good reason for it, get people behind theidea, and<br />> then come up with a plan to implement it.<br />> <br />> -- <br />> Jonah H. Harris, Sr.Software Architect | phone: 732.331.1324<br />> EnterpriseDB Corporation | fax: 732.331.1301<br />> 499 ThornallStreet, 2nd Floor | jonah.harris@enterprisedb.com<br />> Edison, NJ 08837 | http://www.enterprisedb.com/<br />><br />> -- <br />> Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)<br />> To make changesto your subscription:<br />> http://www.postgresql.org/mailpref/pgsql-hackers<br /><br /><br /><hr />Windows LiveMessenger : Get connected, share yourself, make a difference the way you chat. <a href="http://get.live.com/messenger/overview" target="_new">Check it out!</a>
В списке pgsql-hackers по дате отправления:
Предыдущее
От: "Jonah H. Harris"Дата:
Сообщение: Re: Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres