On Mon, Jul 17, 2006 at 02:05:32PM +0800, John Tregea wrote:
> Thanks for your advice. I was looking at the bytea data type in the
> PostgreSQL book I bought (Korry and Susan Douglas, second edition). I
> was concerned that if I have to escape certain characters like the
> single quote or the backslash, how do I guarantee that the escaped
> version does not already appear in the encrypted string?
>
> Should I use the octal value to escape the single quote (\047) and
> backslash (\\134)?
Yes, you'll need to escape certain characters like backslashes.
Your client API might provide an escaping function so you don't
have to worry about the details, or, if you're using placeholders,
the API might automatically escape binary data or transfer it to
the backend as binary. What client interface will you be using to
insert this data?
> Those character sequences are extremely unlikely to occur in an
> encrypted string.
They're as likely to occur as any other. A desirable property of
a cipher is that its output should be indistinguishable from random
data, so any character or sequence of characters is equally likely
to occur.
> Also... I note that I cannot change the data type of my field from text
> to bytea (I am using PGADMIN III). Do you know why?
I don't use pgAdmin so I don't know what it can or can't do. Have
you tried it in psql? What version of PostgreSQL are you using?
The ability to alter a column's type was added in 8.0; in previous
versions you can use the method shown in the FAQ:
http://www.postgresql.org/docs/faqs.FAQ.html#item4.3
--
Michael Fuhr