Thread: Simple Text Field Encryption
I'm looking for a simple way to encrypt the contents of a text field in one of my Postgres tables. I'm not looking for anything that is bullet-proof -- just something that would mask the field's contents from a casual user looking at the table via pgAdminIII or any other client application / query. I'm hoping there is a built-in Postgres function that I could call from my java web application to encrypt/mask a text string and then store the encrypted value in the DB. Thereafter, I would be able to query the encrypted field, de-crypt back to the original value, etc. Any suggestions would be appreciated. BTW...I'm using Postgres v8.3 on Windows Server
--- On Tue, 10/21/08, gcj <gauss21@comcast.net> wrote: > From: gcj <gauss21@comcast.net> > Subject: [NOVICE] Simple Text Field Encryption > To: pgsql-novice@postgresql.org > Date: Tuesday, October 21, 2008, 1:11 PM > I'm looking for a simple way to encrypt the contents of > a text field in one > of my Postgres tables. I'm not looking for anything > that is bullet-proof -- > just something that would mask the field's contents > from a casual user > looking at the table via pgAdminIII or any other client > application / query. > > I'm hoping there is a built-in Postgres function that I > could call from my > java web application to encrypt/mask a text string and then > store the > encrypted value in the DB. Thereafter, I would be able to > query the > encrypted field, de-crypt back to the original value, etc. Since you're using java, maybe there's a way to use a JPasswordField object? Bruce
On Wed, Oct 22, 2008 at 4:11 AM, gcj <gauss21@comcast.net> wrote: > I'm looking for a simple way to encrypt the contents of a text field in one > of my Postgres tables. I'm not looking for anything that is bullet-proof -- > just something that would mask the field's contents from a casual user > looking at the table via pgAdminIII or any other client application / query. > > I'm hoping there is a built-in Postgres function that I could call from my > java web application to encrypt/mask a text string and then store the > encrypted value in the DB. Thereafter, I would be able to query the > encrypted field, de-crypt back to the original value, etc. > > Any suggestions would be appreciated. > To handle it Java side you could check out this link ... http://timarcher.com/?q=node/51 Note the comments following the article warn of the limitations of this technique. However, it does seem to be adequate for what you have requested. I'm a postgres novice, but my guess is that if your Java app could use postgres to crypt/decrypt that internally then the KGB/CIA/Stasi/Greenpeace/Amnesty etc could use pgAdminIII (or whatever) to get postgres to decrypt it just as easily. HTH, -Damian