| Subject | Re: Does the database 'need' encryption? |
|---|---|
| Author | tempo93fr |
| Post date | 2010-11-10T15:33:22Z |
> Same seems to be the case with PostgreSQL:you forgot pgcrypto
> http://www.postgresql.org/docs/8.1/static/ssl-tcp.html
http://www.postgresql.org/docs/9.0/static/pgcrypto.html
and I like their warning :
F.25.6.3. Security limitations
All pgcrypto functions run inside the database server. That means that all the data and passwords move between pgcrypto and client applications in clear text. Thus you must:
Connect locally or use SSL connections.
Trust both system and database administrator.
If you cannot, then better do crypto inside client application.