On Sun, Mar 30, 2008 at 4:36 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> sanjay sharma <sanksh@hotmail.com> writes:
> > 1. Transparent Data Encryption: The column which needs to be stored in encrypted form can be specified through
DDL.The encryption key can be stored in a secure file accessible through a pass phrase. That particular column would
apperin encrypted form for all users except the users specified through a grant to see the data in decrypted form.
>
> Exactly what threat do you see this protecting against, that wouldn't be
> better solved by SQL-standard features like column-level access
> permissions?
Yes. And if you're concerned about people getting access to the raw
data files, put $PGDATA on an encrypted partition.
-Doug