On 04/03/2010 06:35 AM, Timothy Madden wrote: > I can only see how PostgreSQL encrypts the password or the connection > in the documentation, and for the database I can see application-level > encryption with pgcrypto (and filesystem level encryption), How could > I get database level encryption in PostgreSQL ? This is an extremely broad question, and you have barely begun to provide enough information to answer it. For starters: 1. What is your threat scenario? a) The physical machine is stolen b) A database dump is stolen c) Someone roots your system d) Someone compromises your application, via SQL injection, etc 2. What data needs to be encrypted? a) All columns of all tables b) Selected columns of selected tables 3. Do you need to be able to search or sort on any of the encrypted columns? 4. Is your password stored somewhere on the hardware, or is it entered by a human every time the application starts? 5. Do you want a single password for all data access, or is the encryption by user or some other segmentation? 6. Is brute-force cracking of the password a concern? Will your application shut down repeated failed attempts? There is no magic bullet. This requires careful thought, analysis, and trade-offs. Joe
Attachment:
signature.asc
Description: OpenPGP digital signature
