Skip site navigation (1) Skip section navigation (2)

Re: database file encryption.

From: nrdb <postgresql(at)butterflystitches(dot)com(dot)au>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, postgresql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: database file encryption.
Date: 2011-10-23 01:19:49
Message-ID: 4EA36BB5.9080409@butterflystitches.com.au (view raw or flat)
Thread:
Lists: pgsql-hackers
On 10/23/2011 08:17 AM, Tom Lane wrote:
> "Joshua D. Drake"<jd(at)commandprompt(dot)com>  writes:
>> Any patch you submit will be subject to quite a bit of discussion so be
>> prepared for that. Also it will have to be portable to Windows.
>
> The first question that's going to be asked is why you don't just use an
> encrypted file system, instead.  Not every problem has to be solved at
> the database level.
>
> 			regards, tom lane
>
Well the database files are always encrypted, with using a encrypted 
file system, there is an unencrypted view of the files visible.

I realise that under normal setup this is readable by only the 
postgres user, and if you could read the files you would also be able 
to interrogate the server to get the data.

But if the postgres server wasn't running yet (i.e. the password 
hadn't been entered), there would be no data visible.

I don't know anything about Windows, does it have the same file 
security as Linux?

I realise the difference is small.

In response to

pgsql-hackers by date

Next:From: nrdbDate: 2011-10-23 01:37:09
Subject: Re: database file encryption.
Previous:From: Thom BrownDate: 2011-10-23 00:19:07
Subject: Re: synchronized snapshots

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group