| From: | Sam Halliday <sam(dot)halliday(at)gmail(dot)com> |
|---|---|
| To: | tomas(at)tuxteam(dot)de |
| Cc: | Bill Moran <wmoran(at)potentialtech(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: RFE: Transparent encryption on all fields |
| Date: | 2009-04-26 10:54:55 |
| Message-ID: | D7F7EBAB-D45B-4F93-8CF3-E2CAB5FE466D@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 26 Apr 2009, at 07:05, tomas(at)tuxteam(dot)de wrote:
>> - a single psql server can autonomously start up and serve connection
>> requests (this cannot be done with encrypted disc)
>
> Sure it can -- it will be strongly architecture dependent though. Look
> at [1] for an example of how this might be done for the _root
> partition_
> in GNU/Linux (it'll be easier for a dedicated partition, when all else
> is up and running).
I read the reference and I disagree that this is currently possible.
Even this example is not an autonomous startup of the psql server. It
requires an inward network connection, for a start. Consider the case
where the PSQL server is on a laptop and its primary function is to
serve local requests, therefore "dialling in" over ssh is not an option.
If there were a way to prompt the user for the password to an
encrypted drive on startup for all OS, with an equivalent for headless
machines... then perhaps encrypted drives would be practical enough to
be used by psql. At the moment, the bootup sequence and requirements
of psql mean its only really an option for user-started servers. An
alternative is necessary.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sam Halliday | 2009-04-26 11:40:33 | Re: RFE: Transparent encryption on all fields |
| Previous Message | Valtonen, Hannu | 2009-04-26 10:00:54 | Patch to add support for text/int arrays for plpythonu |