Re: [HACKERS] Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres

2008-03-30 Thread Jonah H. Harris
On Sun, Mar 30, 2008 at 2:52 PM, sanjay sharma <[EMAIL PROTECTED]> wrote:
>  1. Transparent Data Encryption: The column which needs to be stored in
> encrypted form can be specified through DDL.

Hey Sanjay.  Based on your wording, you've probably used Oracle's TDE
and want to implement it in PG.  Unfortunately, nine times out of ten,
cool Oracle features aren't seen as cool in this crowd.  Looking at
your responses, there's an obvious misunderstanding in regard to
security (column-level access != encryption), and of performance
(encrypt the whole thing and pay a heavy price on *all* accesses
instead of only granular accesses to only the column(s) you're
encrypting).

Regardless, if you want to get a feature into PG, you need to first
come up with a good reason for it, get people behind the idea, and
then come up with a plan to implement it.

-- 
Jonah H. Harris, Sr. Software Architect | phone: 732.331.1324
EnterpriseDB Corporation | fax: 732.331.1301
499 Thornall Street, 2nd Floor | [EMAIL PROTECTED]
Edison, NJ 08837 | http://www.enterprisedb.com/

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres

2008-03-30 Thread Douglas McNaught
On Sun, Mar 30, 2008 at 4:36 PM, Tom Lane <[EMAIL PROTECTED]> wrote:
> sanjay sharma <[EMAIL PROTECTED]> writes:
>  > 1. Transparent Data Encryption: The column which needs to be stored in 
> encrypted form can be specified through DDL. The encryption key can be stored 
> in a secure file accessible through a pass phrase. That particular column 
> would appear in encrypted form for all users except the users specified 
> through a grant to see the data in decrypted form.
>
>  Exactly what threat do you see this protecting against, that wouldn't be
>  better solved by SQL-standard features like column-level access
>  permissions?

Yes.  And if you're concerned about people getting access to the raw
data files, put $PGDATA on an encrypted partition.

-Doug



Re: [HACKERS] Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres

2008-03-30 Thread Tom Lane
sanjay sharma <[EMAIL PROTECTED]> writes:
> 1. Transparent Data Encryption: The column which needs to be stored in 
> encrypted form can be specified through DDL. The encryption key can be stored 
> in a secure file accessible through a pass phrase. That particular column 
> would appear in encrypted form for all users except the users specified 
> through a grant to see the data in decrypted form.

Exactly what threat do you see this protecting against, that wouldn't be
better solved by SQL-standard features like column-level access
permissions?

regards, tom lane
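
The column-level access permissions mentioned in the message above, shown as an added example that is not part of the original thread. Table, column and role names are hypothetical, and the script assumes it is run by a superuser on PostgreSQL 8.4 or later, where column-level privileges are available.

```sql
-- Added example: restrict one sensitive column with column-level privileges.
-- All object and role names here are hypothetical.
CREATE ROLE payroll_clerk NOLOGIN;
CREATE ROLE support_agent NOLOGIN;

CREATE TABLE employee (
    id     integer PRIMARY KEY,
    name   text    NOT NULL,
    salary numeric NOT NULL      -- the sensitive column
);
INSERT INTO employee VALUES (1, 'Constructed Person', 50000);  -- constructed row

-- New tables grant nothing to PUBLIC by default; the REVOKE makes that explicit.
REVOKE ALL ON employee FROM PUBLIC;

-- Grant read access per column instead of on the whole table.
GRANT SELECT (id, name)         ON employee TO support_agent;
GRANT SELECT (id, name, salary) ON employee TO payroll_clerk;

SET ROLE support_agent;
SELECT id, name FROM employee;   -- allowed
SELECT salary FROM employee;     -- fails: permission denied
SELECT * FROM employee;          -- fails: * expands to include salary
RESET ROLE;

SET ROLE payroll_clerk;
SELECT id, name, salary FROM employee;   -- allowed
RESET ROLE;

-- Not covered by these grants: superusers and the table owner can still
-- read salary, and the value sits in plaintext in the files under $PGDATA,
-- which is the case the encrypted-partition suggestion in this thread addresses.
```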



[HACKERS] Submission of Feature Request : RFC- for Implementing Transparent Data Encryption in Postgres

2008-03-30 Thread sanjay sharma

Hello All,
 
I would like to submit following feature request for Postgres:
 
1. Transparent Data Encryption: The column which needs to be stored in 
encrypted form can be specified through DDL. The encryption key can be stored 
in a secure file accessible through a pass phrase. That particular column 
would appear in encrypted form for all users except the users specified through 
a grant to see the data in decrypted form.
 
I would like to hook-up with people who are working in the postgres security 
area to refine the feature detail and work on its implementation.
 
Please guide me how to go about it.
 
Sanjay Sharma
Victoria, Canada
 