Re: RFE: Transparent encryption on all fields - Mailing list pgsql-hackers

From tomas@tuxteam.de
Subject Re: RFE: Transparent encryption on all fields
Date
Msg-id 20090424195028.GB28554@tomas
In response to Re: RFE: Transparent encryption on all fields  (Marc Munro <marc@bloodnok.com>)
Responses Re: RFE: Transparent encryption on all fields  (Bill Moran <wmoran@potentialtech.com>)
List pgsql-hackers

On Thu, Apr 23, 2009 at 01:31:39PM -0700, Marc Munro wrote:

[...]

> In principle it could be used in the way that Bill Moran suggests though
> I have never used it that way.  I am somewhat suspicious of passing
> encryption keys to the database server as there is always the potential
> for them to be leaked.

Exactly.

>                         It is generally much safer to keep keys and the
> decryption process on a separate server.

Or just client-side. Minimum spread of knowledge. Decrypting fields
server-side gains us nothing which can't be achieved by encrypting the
whole data partition (this would protect us against the server being
stolen in a "shut down" state). And encrypting the partition gives us
indexing "as usual", which wouldn't be as easy to achieve with encrypted
fields.

Regards
-- tomás