| From: | Steve Midgley <steve(dot)midgley(dot)mixrun(at)gmail(dot)com> |
|---|---|
| To: | ROS Didier <didier(dot)ros(at)edf(dot)fr> |
| Cc: | "pgsql-sql-owner(at)postgresql(dot)org" <pgsql-sql-owner(at)postgresql(dot)org>, postgres list <pgsql-sql(at)postgresql(dot)org> |
| Subject: | Re: How to index encrypted colums ? |
| Date: | 2017-10-17 14:14:56 |
| Message-ID: | CAJexoSLgBnxF3iX3m3EihB5LdX2uvMe8igco+r3Ws+9P+RyLJg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
On Oct 17, 2017 12:49 AM, "ROS Didier" <didier(dot)ros(at)edf(dot)fr> wrote:
Hi Klaus
We need encryption because we need to protect sensitive data. I
need to create an index on encrypted columns and I don't know how to insert
private key.
Example:
CREATE INDEX cartedecredit_cc_idx ON cartedecredit(pgp_pub_decrypt(cc,
'--------'));
I believe that Klaus is trying to tell you that if you create an index on
an encrypted column, you are storing the encrypted data in plaintext within
the index. An attacker can access the secure data via the index instead of
the column.
I suppose you could partially mitigate this by putting the index in a
separate table space and putting that table space on a virtual disk device
that is encrypted.
But if that meets your needs why not just put the whole table on that
encrypted table space and leave the column unencrypted inside Pg?
Steve
| From | Date | Subject | |
|---|---|---|---|
| Next Message | ROS Didier | 2017-10-17 15:17:52 | Re: How to index encrypted colums ? |
| Previous Message | ROS Didier | 2017-10-17 07:54:02 | Re: How to get the list of tables with encrypted columns |