| From: | Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp> |
|---|---|
| To: | Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> |
| Cc: | Greg Stark <gsstark(at)mit(dot)edu>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: New types for transparent encryption |
| Date: | 2009-07-08 00:49:22 |
| Message-ID: | 20090708093409.AEA3.52131E4D@oss.ntt.co.jp |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com> wrote:
> Greg Stark wrote:
> > It would still protect against offline attacks such as against backup files.
>
> True, but filesystem-level encryption handles that scenario with less pain.
Yes, I intended offline attacks, and also agree that ilesystem-level
encryption will be a solution. However, as I wrote in the first mail,
standard users want to avoid encrypted filesystems that are not maintained
or supported officially.
I just suggested postgres to have an alternative solution of filesystem-level
encryption or infrastructure providing easy way to define new types that
have only difference in typin/typout attributes, such as CREATE TYPE INHERITS
or CREATE DOMAIN WITH INPUT/OUTPUT. It is too difficult for standard users to
define operators and index support methods.
Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Stark | 2009-07-08 01:09:55 | Re: New types for transparent encryption |
| Previous Message | Greg Stark | 2009-07-07 23:56:27 | Re: Re: Synch Rep: direct transfer of WAL file from the primary to the standby |