I have a postgres database implementation that needs to be enhanced to meet PCI compliance for encrypting sensitive data inside the database. I'm looking at dm-crypt to encrypt my filesystems to prevent against theft of hardware, but we also have a requirement to encrypt a few important fields in a few tables in order to prevent against SQL injection/exposure attacks.
I'm wondering if anyone on the list has any *specific* experience with pgcrypto and the key management required in order to meet PCI compliance for encrypting data within a postgres db.
Thanks!

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)