On Tue, Jul 13, 2004 at 11:35:57 +0200, Daniel Struck <struck.d@xxxxxxxxxxxxxxxx> wrote: > > Keeping the system administrator from seeing the data while making it > > searchable is difficult. To do this you need to encrypt the data on > > the client side using a key the client has (and this key has to be > > protected from loss) and the only searches you can do are equality > > searches using a hash or encrypted value. > > You can also perform regex searches. If you decrypt the data on the database, the sysadmin can see it. If you are willing to take that chance (e.g. if you primary concern is some third party getting a snapshot of the DB), then you can do lots of things.