Hi all,

I'm going to be deploying a web service on some random paid webhost involving a PostgreSQL database with sensitive medical patient information. The database will be accessed by my frontend PHP web application with a set of defined users.

Since the database holding patient data is sitting on a 3rd party webhost, I don't want the data in the database to be cleartext that the webhosting company can see. What's the best way to encrypt the data?

1. Does PostgreSQL have any database encryption features you guys would recommend? The problem with this is that anyone sitting on the webhosting company's side can intercept the authentication if they really wanted to, so in principle, it's not secure.

2. One way is to do a "password" type symmetric key encryption on the client side via JavaScript and send and store the encrypted data to the remote database. This means I have to distribute the key to the doctor I'm researching for and his team by hand.

I'm leaning towards the client side password-based symmetric key encryption. What do you guys think?
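
The client-side password-based encryption described in option 2 above, as an added example that is not part of the original post: each field is encrypted with AES-256-GCM under a key derived from the shared password with PBKDF2, so the database only ever stores ciphertext. It uses Node's built-in crypto module so it runs offline; the function names, the iteration count, the stored format and the sample record are assumptions made for the example.

```javascript
// Added example: password-based field encryption before data leaves the client.
// Function names, parameters and the stored format are assumptions.
const nodeCrypto = require('node:crypto');

const KDF_ITERATIONS = 600000; // assumed PBKDF2-HMAC-SHA256 work factor
const VERSION = 'v1';
// Constructed sample record, not real patient data.
const SAMPLE = { id: 1042, note: 'constructed sample: follow-up in 6 weeks' };

// Derive a 256-bit key from the shared password and a per-field random salt.
function deriveKey(password, salt) {
  return nodeCrypto.pbkdf2Sync(password, salt, KDF_ITERATIONS, 32, 'sha256');
}

// Encrypt one field. recordId is bound as associated data, so a ciphertext
// copied into another row fails authentication when decrypted there.
function encryptField(password, recordId, plaintext) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(String(recordId), 'utf8'));
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag();
  // Dot-separated base64 parts: a value that fits a PostgreSQL text column.
  return [VERSION, ...[salt, iv, tag, ct].map((b) => b.toString('base64'))].join('.');
}

// Decrypt; returns null on wrong password, wrong row, or modified ciphertext.
function decryptField(password, recordId, stored) {
  const parts = String(stored).split('.');
  if (parts.length !== 5 || parts[0] !== VERSION) return null;
  const [salt, iv, tag, ct] = parts.slice(1).map((p) => Buffer.from(p, 'base64'));
  if (salt.length !== 16 || iv.length !== 12 || tag.length !== 16) return null;
  try {
    const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
    d.setAAD(Buffer.from(String(recordId), 'utf8'));
    d.setAuthTag(tag);
    return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}
```

The host is kept away from the key only if the script doing the encryption is not served from that same host, since whoever delivers the JavaScript can change it.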