On Sep 15, 2008, at 1:04 PM, Christophe wrote:
> More seriously, this is the issue with code-encryption on an open source platform: Where do you keep the key? From my (admittedly brief) research, it appears that Oracle bakes it into the server binary, which isn't going to work for PG.
Just because Oracle implements something poorly doesn't mean it's the only way. I don't know what Oracle actually does, but I wouldn't put much faith in the safety of code protection if that's the way they do it, because an Oracle employee in the right position could easily disclose the key one day.
If this functionality were to be implemented, the proper way to do it would be to require a key file stored on the server or maybe within postgresql.conf. Users who wish to use this functionality could be required to create this by hand, or it could be autogenerated at initdb time.
I don't find this functionality useful, but I also don't think that it's completely worthless. There are enterprises with very different needs and perspectives.
Cheers,
-- 
Casey Allen Shobe
Database Architect, The Berkeley Electronic Press
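An added example of the key-file approach proposed in the message above (not code from the thread or from PostgreSQL): shell functions that generate a key file the way an initdb-time step could, and that refuse a key file other accounts can read. The file name, the 32-byte key size and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Function names, key size and file name are assumptions.

# Create a 32-byte random key readable only by the owning account.
# Refuses to overwrite an existing file so a key is never silently replaced.
make_keyfile() {
    keyfile=$1
    (
        umask 077   # created as 0600, never briefly readable by others
        set -C      # noclobber: the redirect fails if the file exists
        dd if=/dev/urandom bs=32 count=1 2>/dev/null > "$keyfile"
    ) 2>/dev/null || return 1
}

# Validate a key file before use.
# Returns 0 if usable, 1 if not a regular file, 2 if group or other
# accounts have any access, 3 if the key has the wrong length.
check_keyfile() {
    keyfile=$1
    [ -f "$keyfile" ] && [ ! -L "$keyfile" ] || {
        echo "key file missing, or not a regular file" >&2
        return 1
    }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$keyfile" | cut -c5-10)
    [ "$perms" = "------" ] || {
        echo "key file is accessible to group or other accounts" >&2
        return 2
    }
    size=$(wc -c < "$keyfile" | tr -d ' ')
    [ "$size" -eq 32 ] || {
        echo "key file has unexpected length: $size" >&2
        return 3
    }
    return 0
}

# Usage: make_keyfile /path/to/code.key && check_keyfile /path/to/code.key
```

The permission check only keeps other operating-system accounts out; anyone who can act as the server's own account, or as root, can still read the key.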