Quoting "Joshua D. Drake" <jd@xxxxxxxxxxxxxxxxx>:
IF they've got root, and the unencrypted data or the password / key is
on the machine or in memory on it, you've lost. It may make it harder
for them to get it, but they can.
This is true but in answer to your question you can use something like
cryptfs. Note that you will loose performance.
Joshua D. Drake
I'm looking for something that runs *inside* of Postgres, at a higher
level than a loop-back encrypted volume. This way, it would only be
available when the database engine was running, and ideally only
accessible to an authenticated/logged in user.
David
