Journal Journal: Heaven Help Us
While there were some decent posts in the discussion, in general the whole thread was full of posts by people who (in spite of their exceeding confidence):
- Do not understand the difference between encrypting database traffic on the wire and storing encrypted data in a database.
- Do not understand that Microsoft(R) SQL Server(TM) can already do on-the-wire encryption.
- Do not understand that if they want to use open standards to store encrypted data in Microsoft(R) SQL Server(TM), they are already free to do so.
- Do not know that Windows has an encrypting file system.
- Do not know that, in general, it would be an exceedingly bad idea to use an encrypting file system to store database files.
- Do not understand the features already in Microsoft(R) SQL Server(TM) (or the features absent from MySQL, for that matter).
- Don't understand the new encryption features in SQL Server 2005.
- Think that applications will have to care about those new SQL Server 2005 encryption features.
- Do not know that it is an exceedingly bad idea to build indexes on encrypted data.
- Do not understand why, in general, you would never encrypt all of the data in a database.
- Still don't understand the implications of most of what I've written above.
I wish I had time to write a more constructive/instructive post, but I don't. I just couldn't believe the level of ignorance about All Things Database that was so pervasively displayed by so many people in this thread. Discussions like this are a big part of why I find myself reading slashdot discussions less and less frequently.
OK, I'll get off my soapbox now. Like I said, it wasn't everybody, but it sure seemed close. I doubt that many people will even read this, but I guess I was just looking for a place to vent. I feel better now.