"Merlin Moncure" <mmoncure@gmail.com> writes:
> On Dec 20, 2007 6:01 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> So if you want something other than endless arguments to happen,
>> come up with a nice key-management design for encrypted function
>> bodies.
> Maybe a key management solution isn't required. If, instead of
> strictly wrapping a language with an encryption layer, we provide
> hooks (actors) that have the ability to operate on the function body
> when it arrives and leaves pg_proc, we may sidestep the key problem
> (leaving it to the user) and open up the doors to new functionality at
> the same time.
I think you're focusing on mechanism and ignoring the question of
whether there is a useful policy for it to implement. Andrew Sullivan
argued upthread that we cannot get anywhere with both keys and encrypted
function bodies stored in the same database (I hope that's an adequate
summary of his point). I'm not convinced that he's right, but that has
to be the first issue we think about. The whole thing is a dead end if
there's no way to do meaningful encryption --- punting an insoluble
problem to the user doesn't make it better.
(This is not to say that you don't have a cute idea there, only that
it's not a license to take our eyes off the ball.)
regards, tom lane
