On Sep 15, 2008, at 1:04 PM, Christophe wrote:
> More seriously, this is the issue with code-encryption on an open
> source platform: Where do you keep the key? From my (admittedly
> brief) research, it appears that Oracle bakes it into the server
> binary, which isn't going to work for PG.
Just because Oracle implements something poorly doesn't mean it's the
only way. I don't know what Oracle actually does, but I wouldn't put
much faith in the safety of code protection if that's the way they do
it, because an Oracle employee in the right position could easily
disclose the key one day.
If this functionality were to be implemented, the proper way to do it
would be to require a key file stored on the server or maybe within
postgresql.conf. Users who wish to use this functionality could be
required to create this by hand, or it could be autogenerated at
initdb time.
I don't find this functionality useful, but I also don't think that
it's completely worthless. There are enterprises with very different
needs and perspectives.
Cheers,
--
Casey Allen Shobe
Database Architect, The Berkeley Electronic Press
