The fundamental issue is that you should not be exposing the encryption keys to ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mmerickel on Nov 3, 2016 \| parent \| context \| favorite \| on: Securing PostgreSQL [pdf] The fundamental issue is that you should not be exposing the encryption keys to the database. If you're using pgcrypto then you're issuing SQL statements in the database with the key. You should do your encryption client-side so that the key is never passed over the wire at all.

okket on Nov 3, 2016 [–]

That said, pgcrypto is still useful, you can compute hashes or generate UUIDs with it.

dom0 on Nov 3, 2016 | [–]

The point was that you probably shouldn't use it for data encryption in the DB and think the server doesn't have the keys.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact