Re: RFE: Transparent encryption on all fields - Mailing list pgsql-hackers

From tomas@tuxteam.de
Subject Re: RFE: Transparent encryption on all fields
Date
Msg-id 20090423143549.GA21006@tomas
Whole thread Raw
In response to RFE: Transparent encryption on all fields  (Sam Halliday <sam.halliday@gmail.com>)
Responses Re: RFE: Transparent encryption on all fields
List pgsql-hackers
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, Apr 23, 2009 at 12:43:30PM +0100, Sam Halliday wrote:
> Dear pgsql hackers,
>
> The encryption options
>
>   http://www.postgresql.org/docs/8.3/static/encryption-options.html

[...]

> If it were feasible, a transparent crypto on all fields for a given 
> database would be just the trick! Connections to such databases could 
> require a key as well as the user login [...]

If I understand you correctly you are proposing to do the decryption
server-side. This doesn't seem to make much sense (at least not beyond
encrypting the partition where the data is). Either the machine is
stolen when shut down, or the machine is "stolen" when running. In the
first case you are fine, in the second you are lost. It's the same as
with an encrypted partition.

Providing the key/passphrase to unlock the partition is possible over
the net.

Keeping the (at least the decryption) key client-side makes much more
sense (and you can provide different clients with different keys). The
only drawback is when you need an index over an encrypted field :-(

Regards
- -- tomás


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJ8HzFBcgs9XrR2kYRAlcMAJ4irB6+J0/8KxSpDFKCidRyVkA6cgCeKSBi
UqMNLQ1QLrYGsb0YZ+d1aNY=
=RSOK
-----END PGP SIGNATURE-----


pgsql-hackers by date:

Previous
From: Fujii Masao
Date:
Subject: Re: Synch Replication: Synchronization of files between Primary & Standby
Next
From: "Kevin Grittner"
Date:
Subject: Re: Prepared transactions vs novice DBAs, again