Hey Jonah,
You are correct. I have worked with oracle for a long time and only recently
started working with Postgres. I am quite satisfied that Postgres is able to
deliver me most of the features/ services which Oracle used to deliver but at
much reduced cost.This is very helpful in pushing Postgres towards enterprise
core infrastructure. However there are certain fetures which are becoming key
for putting postgres in areas where strong regulatory compliance is
required.TDE is very helpful in storing data where there is strict privacy
compliance requirement for example e.Government and e.Health. All columns of
personal profile/health data do not need same level of security for all users
and applications. Selective data encryption is very handy in an architecture
where different applications are pulling data from a central data repository
for processing and presenting to their users or where different users are
changing different part of data set in central repository. These departmental
applications may contain keys for decrypting and looking at only those columns
needed by their users. Encrypting just needed column takes care of compliance
requirement down the line in backups and archives.
Another area where I would like to put a RFC is Auditing. A flag at the
database level (conf file) or in DDL which puts audit columns ( created_by,
creation_date, last_updated_by, last_update_date) on tables and automatically
populates them would be a very nice standard feature. Currently this needs
code/trigger to be duplicated at each table which is a big grunt. At furthur
higher level a way to audit data access/view for regulatory complinace like
HIPPA is also needed.This should not be copy of Oracle FGA which has its own
limitations.
I welcome everyone to to send their vies on the issue.
Cheers
Sanjay
> Date: Sun, 30 Mar 2008 19:10:48 -0400> From: [EMAIL PROTECTED]> To: [EMAIL
> PROTECTED]> Subject: Re: [HACKERS] Submission of Feature Request : RFC- for
> Implementing Transparent Data Encryption in Postgres> CC:
> pgsql-hackers@postgresql.org> > On Sun, Mar 30, 2008 at 2:52 PM, sanjay
> sharma <[EMAIL PROTECTED]> wrote:> > 1. Transparent Data Encryption: The
> column which needs to be stored in> > encrypted form can be specified through
> DDL.> > Hey Sanjay. Based on your wording, you've probably used Oracle's TDE>
> and want to implement it in PG. Unfortunately, nine times out of ten,> cool
> Oracle features aren't seen as cool in this crowd. Looking at> your
> responses, there's an obvious misunderstanding in regard to> security
> (column-level access != encryption), and of performance> (encrypt the whole
> thing and pay a heavy price on *all* accesses> instead of only granular
> accesses to only the column(s) you're> encrypting).> > Regardless, if you
> want to get a feature into PG, you need to first> come up with a good reason
> for it, get people behind the idea, and> then come up with a plan to
> implement it.> > -- > Jonah H. Harris, Sr. Software Architect | phone:
> 732.331.1324> EnterpriseDB Corporation | fax: 732.331.1301> 499 Thornall
> Street, 2nd Floor | [EMAIL PROTECTED]> Edison, NJ 08837 |
> http://www.enterprisedb.com/> > -- > Sent via pgsql-hackers mailing list
> (pgsql-hackers@postgresql.org)> To make changes to your subscription:>
> http://www.postgresql.org/mailpref/pgsql-hackers
_________________________________________________________________
Education: Are exams worrying you all the day long? Write to MSN education
experts for help.
http://education.in.msn.com/
