the idea is basically to hide codes - many companies want that and
ask for it again and again.
i would suggest keys to reside in $PGDATA. we do this for SSL and so
initdb could create such keys so that they are unique to every
decrypting could be avoided as much as possible basically we should
just decrypt on first all and when it changes.
for pg_dump i would suggest two options:
a.) pass the keys to dump in a decrypted way
b.) dump in encrypted way.
i would think that this is a quite valuable features. would be nice
to have it.
maybe we can agree on a nice mechanism here which will be implemented
On Aug 9, 2007, at 3:57 PM, Andrew Dunstan wrote:
Hans-Juergen Schoenig wrote:
one of our customers wants to store the code of interpreted
procedures (PL/pgSQL, PL/Perl) and so in an encrypted way.
so the idea we had to add one more column to pg_proc telling us
whether prosrc is encrypted or not. people could chose then
whether to crypt codes there or not (speed of decryption can be an
should not be hard to implement ...
what do people think about this feature?
Perhaps you could give us a justification for it. Are you intending
to have stored procs contain security sensitive information? Or is
this an attempt to hide closed source code from prying eyes? Where
would the encryption keys be stored? And how would it work with
This doesn't sound very well thought out, frankly.
TIP 7: You can help support the PostgreSQL project by donating at
Cybertec Geschwinde & Schönig GmbH
Gröhrmühlgasse 26, 2700 Wiener Neustadt
Tel: +43/1/205 10 35 / 340