On Tue, Nov 1, 2011 at 2:51 AM, Jens Alfke <[email protected]> wrote: > You can encrypt the sensitive data, base64-encode the resulting blob and then > put that into a property of a document. > The disadvantage, of course, is that you can’t index or filter based on this > data because view functions can’t read it. > The only alternative I can think of is to encrypt the entire database file, > which would probably involve splicing into CouchDB at a low level to insert a > block cipher into the file I/O code.
With some modifications of query server you're still able to index encrypted data suffering perfomance penalty from encryption/decryption ops. Filters, however, could not work properly at all (e.g. startkey/endkey against some vital data) in this case, but you could design your view in way to workaround this problem. -- ,,,^..^,,,
