tav schrieb:
>>  Why is it significantly easier to protect the key[s]
>>  used for the encryption than the storage itself?
> one could always passphrase-protect the key, i.e. use symmetric encryption.
> admittedly, this could potentially be brute-forced, but ... should be
> good enough for most purposes?
And how does your Application (Zope) access the storage?
Exactly. It needs the key - if it has the key - the "attacker"
can just read the data thru the application.

In the end this does not buy you anything but overhead.

If you want to encrypt, just use a crypted filesystem as
DM already suggested. Best performance, best transparency
and well tested.
For more information about ZODB, see the ZODB Wiki:

ZODB-Dev mailing list  -  ZODB-Dev@zope.org

Reply via email to