Re: Page-Level Encryption

On 1/21/06, Bricklen Anderson <banderson@presinet.com> wrote:
> Jim C. Nasby wrote:
> > I would highly recommend taking a look at how Oracle is handling
> > encryption in the database in 10.2 (or whatever they're calling it).
> > They've done a good job of thinking out how to handle things like
> > managing the keys.
> >
> > I know that Oracle magazine did an article on it recently; you should be
> > able to find that online somewhere.
>
> This link?
> http://www.oracle.com/technology/oramag/oracle/05-sep/o55security.html

Two points about it:

1) Their threat model is very clear - someone gets the backup.
2) They have focused on usbility from inside the database.

Thats all good, but IMHO such threat is more profitable to solve
by simply feeding pg_dump output to GnuPG.  This has one important
advantage over Oracle solution - no secret key is needed for
regular operation.  It is only needed for restore operation.

--
marko