On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> A client is asking us about data security, and keeping data encrypted on
> disk. I recall there was some discussion about this before, including
> things like for it to be secure an operator would need to put in a key when
> the disk is mounted, that once it is mounted anyone with permissions to the
> disk can read it, etc.
> Given these drawbacks, I'm wondering if anyone has used an encrypted fs for
> PostgreSQL and if so, what they found in terms of speed. Would this be a
> big hit, or would it be pretty low impact? Also, does it cause any
> potential problems with recovery from a crash, etc?
You and your client need to back up and figure out which scenario you're
trying to protect against.
Encrypting the drive (with an external key) ensures that if someone
steals the disks, or gets hold of the raw db files that they can't get
the data out.
However, if they hack into the machine that is accessing the database,
encrypting the drives doesn't nothing for you.
So, which scenario are they trying to protect against? Once you know
the answer to that question, then you can look at different ways of
encrypting the data you are storing.
In response to
pgsql-admin by date
|Next:||From: Scott Marlowe||Date: 2005-09-23 15:32:28|
|Subject: Re: alter user|
|Previous:||From: Michael Fuhr||Date: 2005-09-23 13:47:03|
|Subject: Re: COPY TO / COPY FROM|