Thnx for the input. I have another solution, which i tried to avoid : my company provides file/folder-level encryption . i can apply this encryption with specific configuration for the postgres processes . this way - even the root cannot access the data, the only one that can access the database-files is the owner of the database (which can be the DBA , but can be some1 else as well...)
I tried to avoid this solution, but now i understand that i don't have any other choice. encrypting the data will be useless, because i cannot SELECT by text/range/dates.... tnx On Wed, Jun 4, 2008 at 7:11 PM, Tom Lane <[EMAIL PROTECTED]> wrote: > [EMAIL PROTECTED] writes: > > I'd like to use postgres to store my secret data in a way that only > > me (the DBA, owner of the table) can access the talbe while the root > > (system administrator) who installed and maintains the server - will > > not be able to see the data. > > If you think you can hide anything on a machine from its root admin, > I have a bridge I'd like to sell you ... > > The only thing you could do along this line is to use the database as a > dumb container for encrypted data that you decrypt only on the client > side, using keys that are never sent to the database server. > Unfortunately that approach loses most of the benefit of using a > database in the first place, since you can hardly do any useful > processing on data that you can't decrypt. > > regards, tom lane >
