korry wrote:
If you want the data hidden from system administrators, you need to have
the client encrypt it before storing it. Of course, that will have
massive implications for your application.
Have you considered storing your data on an encrypted filesystem? I have no
idea what kind of performance hit you would suffer, but you wouldn't have to
change your application at all that way. Perhaps a private mount so that
only the postgresql process tree could see the decrypted bits?
Since what he is worried about is the ability of admins to get at the
data by connecting to the postgres server (after changing pg_hba.conf),
this will not make the slightest difference - the data would be
decrypted before it ever got to the intruder.
For encryption to be effective against some perceived threat, the data
has to be encrypted before it gets anywhere the spy can see it.
There really are no magic solutions.
Unfortunately, there is not a similar shortage of snake oil.
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster