If it works without any change to client SQL queries and compatible with JPA, then I'm all ears. Otherwise, I really think Sam Mason's idea was spot on... it works around the inadequacies of encrypted drives and provides the same level of on-server security.
Tomas Zerolo wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Mon, Apr 27, 2009 at 01:28:45AM -0700, Sam Halliday wrote: >> >> >> Tomas Zerolo wrote: >> > >> >> If there were a way to prompt the user for the password to an >> encrypted >> >> drive on startup for all OS, with an equivalent for headless >> machines... > > [...] > >> There is a difference between "it's possible" and "there is". I know of >> no >> such standard support of either of the standard OSes. > > Sorry. Denial doesn't help. It's not only "possible", it's being done > all the time. Cf. <http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS>, > for example. But you are attacking a strawman anyway. > > Client-side decryption matches much better what you had in mind -- and > I think it's provably no less secure (and more convenient). > > The only hypothetical advantage of server-side encryption (there might > be an opportunity of indexing) seems to be so mired in technical > difficulties (if you want to avoid information leaks anyway) that I > can't even imagine whether it's a real advantage. > > Regards > - -- tomás > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFJ9oriBcgs9XrR2kYRAj/CAJ9c1UERONoqYtjEj0N/aSp5IELFAgCffeTR > nomoWcaFoE9fiYPD0EOr9To= > =KevK > -----END PGP SIGNATURE----- > > -- > Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-hackers > > -- View this message in context: http://www.nabble.com/RFE%3A-Transparent-encryption-on-all-fields-tp23195216p23272501.html Sent from the PostgreSQL - hackers mailing list archive at Nabble.com. -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers