The attributes API came out of a requirement for a consulting project that all data be encrypted at rest even if DB was compromised @sgrif
-
-
(I do it by putting DB's backing days files on encrypted file system using encryptfs. If disk is compromised when *not in use* no biggie.)
-
(Note that this works for some definitions of "at rest" but not others. Guess what: many legal regimes aren't sure what they mean.)
- 1 more reply
New conversation -
-
-
Application-layer database encryption is actually a bad design. You have to miss out on most useful DB features.
-
Depends. We store user data encrypted per-user, with derived keys we don't store. Can't do that in the db
- 4 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.