korry wrote:
>>If you want the data hidden from system administrators, you need to have
>>the client encrypt it before storing it. Of course, that will have
>>massive implications for your application.
>>
>>
>
>Have you considered storing your data on an encrypted filesystem? I have no
>idea what kind of performance hit you would suffer, but you wouldn't have to
>change your application at all that way. Perhaps a private mount so that
>only the postgresql process tree could see the decrypted bits?
>
>
>
Since what he is worried about is the ability of admins to get at the
data by connecting to the postgres server (after changing pg_hba.conf),
this will not make the slightest difference - the data would be
decrypted before it ever got to the intruder.
For encryption to be effective against some perceived threat, the data
has to be encrypted before it gets anywhere the spy can see it.
There really are no magic solutions.
Unfortunately, there is not a similar shortage of snake oil.
cheers
andrew
