This feels like a hollow announcement, given that there's no code or design details to look at.<p>I am curious how they intend to let a client run queries against a dataset that the server cannot read without the server having to send all the encrypted data over the wire, or at least an index of all the encrypted data. Which sounds limiting for large datasets.
How does this compare to CryptDB (http://css.csail.mit.edu/cryptdb/)?
I realize that your post was titled "Hello World" so I wouldn't expect too much substance, but a couple quick questions (honest ones, not being sarcastic):<p>What is the use case for something like this?<p>Is this f/oss ... similarly, what are the licensing terms?<p>Quick comment:<p>Please don't misuse the word "hack" when you actually mean "security breach". Thanks!
Database encryption doesn't make a whole lot of sense to me. Proper row and column security, and using real database user authentication (not one single, pooled web server user) is real security. A db on its own box, in its own network zone, physically controlled by the data owner.<p>What's the threat here?<p>SQL Injection? Encryption won't help. Use parameterized queries and least privilege.<p>Evil admin? They can just monitor the web server instead of the db.
This is an amazing promise, but I was sad this is just a beta signup. I would really love to play around with something like this, and would also like to know how it works.<p>Don't play with my heart, ZeroDB. Show us what you've got!
Kind of interesting but I would like to see an explanation of the idea and how it works. The demo video doesn't seem to show any sign of encryption.
1. Good, all DB data needs to be encrypted
2. That said, the largest security risk is applications (backends) that enable mass access to customer data and allow mass leaks of customer data.
Some technical detail would be much appreciated, like the language you are using on the server side, any dependencies? Road map for when you are open sourcing it (I assume you will do)...
Sorry for asking, but if the private keys are stored client-side, how do you handle users with multiple computers? Let the user handle it by hand?<p>(I'm no encryption expert, just curious)
Hi there. This concept has already been developed at http://spot-on.sf.net and is also deployed in http://goldbug.sf.net