Re: pgcrypto question

2019-10-07 Thread Erik Aronesty
Actually I found a nice open source product "Acra" ... seems to do the whole thing via a proxy. Now I need to see if I can customize the encryption enough using a plugin (but at least I can fork it and start from there). A proxy encryption system seems to be the right call, then all my client a

Re: pgcrypto question

2019-10-07 Thread Tomas Vondra
On Mon, Oct 07, 2019 at 02:51:30PM -0400, Erik Aronesty wrote:
> Good idea for "psycopg". It would be easy for a POC, but I think the only meaningful layer to operate at would be a libpq drop-in replacement that intercepts PQgetvalue, PQprepare, PQexecParams, PQexecPrepared ... etc. That way odb

Re: pgcrypto question

2019-10-07 Thread Erik Aronesty
Good idea for "psycopg". It would be easy for a POC, but I think the only meaningful layer to operate at would be a libpq drop-in replacement that intercepts PQgetvalue, PQprepare, PQexecParams, PQexecPrepared ... etc. That way odbc, python, node, etc would "just work" as long as you used LD

Re: pgcrypto question

2019-10-07 Thread Tomas Vondra
On Mon, Oct 07, 2019 at 12:05:16PM -0400, Erik Aronesty wrote:
> Currently, it is my understanding that the pgcrypto library requires the user to send a password or private key up to the server for decryption.
Correct. In the naive case the key is included in each SQL query, which does have vari

pgcrypto question

2019-10-07 Thread Erik Aronesty
Currently, it is my understanding that the pgcrypto library requires the user to send a password or private key up to the server for decryption. Is there a notion of a client-side encrypt/decrypt plugin when doing a postgres query? For example, a user could query postgres, get back data of type "