Re: New types for transparent encryption

Heikki Linnakangas <heikki.linnakangas@enterprisedb.com> writes:
> Itagaki Takahiro wrote:
>> CREATE TYPE encrypted_text (
>> INPUT = pgp_sym_encrypt_text(textin($1), passward(), options()),
>> OUTPUT = textout(pgp_sym_decrypt_text($1, passward(), options())),
>> LIKE bytea
>> );
>> 
>> passward() and options() are SQL functions and we can re-define them
>> if needed. The default implementations are to refer custom GUC variables
>> (pgcrypto.password and pgcrypto.options) so that encryption are done
>> only in database server and applications don't have to know the details.

> What kind of attacks would this protect against?

I agree that this seems more like offering security theater than real
security.  I'm also pretty concerned about the implications of a
datatype whose I/O operations fundamentally don't work without knowledge
of values that are supposed to be kept secret.  What is your expectation
for how pg_dump will handle such columns?
        regards, tom lane