Re: Transparent encryption in PostgreSQL?

"Greg Patnude" <gpatnude@xxxxxxxxxxx> · Fri, 15 Jul 2005 08:26:14 -0700

The point of a data base is storing ASCII or 
unicode not encypting the data... encrypting the data IN the database is a bad 
idea.... what happens if you ever lose the key ??? you lose ALL your data... 
Additionally -- encryption keys are usually machine-dependent so you lose the 
ability to migrate to new hardware and possibly the ability to upgrade the RDBMS 
engine itself... 

It sounds to me like your issues are really about 
security and access control.... You'd be better off using an ACL and locking 
down your server...

  ""Matt McNeil"" <mcneil@xxxxxxxxxxxxxxx> wrote in 
  message news:20050713191150.7D88752BDF@xxxxxxxxxxxxxxxxxxx...
  Greetings,

  I need to securely store lots of sensitive contact 
  information and
notes in a freely available database (eg PostgreSQL or MySQL) that 
  will be
stored on a database server which I do not have direct access to. 

This database will be accessed by a PHP application that I 
  am
developing.  However, I also need to be able to search/sort these 
  data
with the database functions (SELECT, ORDER BY, etc) so encrypting on
  the client side (web application) 
  or using encryption of specific fields 
  would not work.  (For example, 
  I need to encrypt
contacts' names, 
  but need to be able to search for 
  results by name). (I
realize I could load the entire table into 
  memory with PHP and
process/search/sort it there, but
that's obviously 
  not a very good solution).  Ideally I would like to
encrypt entire 
  tables.  I read something about the 
  pgcrypto contrib
  module, but have't been able to 
  discern if it can do ecryption in a
  transparent way (e.g. so that I can do regex searches 
  on the data).

  My sense is that this is a difficult problem.  
  However, I made the
mistake of promising this functionality, 
so I'm 
  scrambling to figure out some kind of solution.  
  Any
suggestions?

  Thanks so much!

  Matt