On Thu, 2009-04-23 at 16:08 -0300, pgsql-hackers-owner@postgresql.org
wrote:
> On Thu, Apr 23, 2009 at 10:38:55AM -0400, Bill Moran wrote:
>
> [...]
>
> > It's possible that this could be accomplished by something like
> Veil,
>
> Veil? Care to share an URL?
http://veil.projects.postgresql.org/curdocs/index.html
Veil is intended to enable implementation of virtual private databases.
It provides a bunch of primitives for managing bitmaps of privileges.
These privileges can be used to control access to individual rows within
a table.
In principle it could be used in the way that Bill Moran suggests though
I have never used it that way. I am somewhat suspicious of passing
encryption keys to the database server as there is always the potential
for them to be leaked. It is generally much safer to keep keys and the
decryption process on a separate server.
__
Marc
