-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Thu, Apr 23, 2009 at 01:31:39PM -0700, Marc Munro wrote:
[...] > In principle it could be used in the way that Bill Moran suggests though > I have never used it that way. I am somewhat suspicious of passing > encryption keys to the database server as there is always the potential > for them to be leaked. Exactly. > It is generally much safer to keep keys and the > decryption process on a separate server. Or just client-side. Minimum spread of knowledge. Decrypting fields server-side gains us nothing which can't be achieved by encrypting the whole data partition (this would protect us against the server being stolen in a "shut down" state). And encrypting the partition gives us indexing "as usual", which wouldn't be as easy to achieve with encrypted fields. Regards - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJ8hgEBcgs9XrR2kYRAju5AJ4pRma6bOffFIDAf7yAzrS6vjMo6gCfW7r0 E5qa+P3hDT78qKrzLpWEi2Y= =b8/v -----END PGP SIGNATURE----- -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers