"Merlin Moncure" <mmoncure@xxxxxxxxx> writes: > On Dec 20, 2007 6:01 PM, Tom Lane <tgl@xxxxxxxxxxxxx> wrote: >> So if you want something other than endless arguments to happen, >> come up with a nice key-management design for encrypted function >> bodies. > Maybe a key management solution isn't required. If, instead of > strictly wrapping a language with an encryption layer, we provide > hooks (actors) that have the ability to operate on the function body > when it arrives and leaves pg_proc, we may sidestep the key problem > (leaving it to the user) and open up the doors to new functionality at > the same time. I think you're focusing on mechanism and ignoring the question of whether there is a useful policy for it to implement. Andrew Sullivan argued upthread that we cannot get anywhere with both keys and encrypted function bodies stored in the same database (I hope that's an adequate summary of his point). I'm not convinced that he's right, but that has to be the first issue we think about. The whole thing is a dead end if there's no way to do meaningful encryption --- punting an insoluble problem to the user doesn't make it better. (This is not to say that you don't have a cute idea there, only that it's not a license to take our eyes off the ball.) regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings
