On 1/21/06, Bricklen Anderson <banderson@xxxxxxxxxxxx> wrote: > Jim C. Nasby wrote: > > I would highly recommend taking a look at how Oracle is handling > > encryption in the database in 10.2 (or whatever they're calling it). > > They've done a good job of thinking out how to handle things like > > managing the keys. > > > > I know that Oracle magazine did an article on it recently; you should be > > able to find that online somewhere. > > This link? > http://www.oracle.com/technology/oramag/oracle/05-sep/o55security.html Two points about it: 1) Their threat model is very clear - someone gets the backup. 2) They have focused on usbility from inside the database. Thats all good, but IMHO such threat is more profitable to solve by simply feeding pg_dump output to GnuPG. This has one important advantage over Oracle solution - no secret key is needed for regular operation. It is only needed for restore operation. -- marko
