Search Postgresql Archives

Re: Blobs in Postgresql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/17/07 23:16, Merlin Moncure wrote:
> On 8/18/07, Ron Olson <tachoknight@xxxxxxxxx> wrote:
>> The language is Java. I've made some tests and they work very well for 25meg
>> files....works exactly the way it should, first time. MySQL had all kinds of
>> nasty surprises for me when I first started working with blobs, but I can
>> say that I took my code, changed the driver, and it all works like a champ
>> (mind you, this was a quick test app).
>>
>> I haven't looked at encryption at the database level....is such a thing
>> available? I know Oracle has some form of data encryption at the database
>> level so the nefarious DBA with the wide mustache and black brimmed hat
>> always going "ah ha ha ha ha" can't make off with the data, but does
>> Postgres have something similar?
>>
>> BTW, to put into context, the database will be designed to hold evidence
>> (well, photos and videos of). Thus the compelling need for some security, as
>> well as the variation in file sizes.
> 
> Well, my assumption was that you would encrypt the data on the client
> side and store it that way.
> 
> PostgreSQL has open architecture.  If you wanted to do the encryption
> on the server, one possible approach that jumps out at me is to write
> a small C function which receives the data, encrypts the image using a
> key sent by the client all (but not stored), and either stores the
> encrypted image back in the database via SPI or writes it out to a
> file.
> 
> There are many strategies to encrypting data...first thing to think
> about is where the encryption happens, where the keys are stored, etc.

Client-side encryption is important, because with server-side
encryption, you are sending the Valuable Data across the wire (or,
even worse!) wireless in cleartext form.

It's more likely that there's a packet sniffer on the network than
an Evil DBA snooping around.

- --
Ron Johnson, Jr.
Jefferson LA  USA

Give a man a fish, and he eats for a day.
Hit him with a fish, and he goes away for good!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGxwf7S9HxQb37XmcRAimGAJ98Kykormb63BedYknIij2xZvDgEACgw23C
eWn7JJKSs1KL9dSfVx3p/BY=
=OLl1
-----END PGP SIGNATURE-----

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org/
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux