Doesn't that really only save you from having someone come in at the OS level and copying your data files and than moutning them on a differet server/database. A person could still come in to psql as a dba or anyone for that matter with the proper select grants and query off that data and see it in encrypted.
Not that this helps here but Oracle just implemented row level encryption in 10g release 2. In simple form everything has a key and for you to view the data from anywhere including sql plus(it's like psql) you need the correct key to decrypt it(I'm pulling this from my head after haveing read this some time ago). This all happens on the fly. Of course there will be performance hits for this but for today's world where the weakest link is usually an internal employee with access to all the data the only way to keep people from seeing it is a setup that encrypts it at the cost of performance. Maybe the Oracle method is something that can make it's way to Postgresql over time. If there isn't a third party patch that already does this.
On 7/13/05, Joshua D. Drake <jd@commandprompt.com> wrote:
> My sense is that this is a difficult problem. However, I made the
> mistake of promising this functionality,
Well it isn't that difficult except that you need some level of two way
encryption and it is going to be a performance nightmare.
I would suggest instead just mounting postgresql on an encrypted filesystem.
Sincerely,
Joshua D. Drake
> so I'm scrambling to figure out some kind of solution. Any
> suggestions?
>
> Thanks so much!
>
> Matt
--
Your PostgreSQL solutions provider, Command Prompt, Inc.
24x7 support - 1.800.492.2240, programming, and consulting
Home of PostgreSQL Replicator, plPHP, plPerlNG and pgPHPToolkit
http://www.commandprompt.com / http://www.postgresql.org
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings