From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, Ants Aasma <ants(dot)aasma(at)eesti(dot)ee>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: WIP: Data at rest encryption |
Date: | 2017-06-15 21:12:01 |
Message-ID: | 20170615211201.GC8443@momjian.us |
Lists: | pgsql-hackers |
On Thu, Jun 15, 2017 at 05:04:17PM -0400, Robert Haas wrote:
> > Also, there is the sense that security requires
> > trust of the root user, while using Postgres doesn't require the root
> > user to also use Postgres.
>
> I don't understand this. It is certainly true that you're running
> binaries owned by root, the root user could Trojan the binaries and
> break any security you think you have. But that problem is no better
> or worse for PostgreSQL than anything else.

I couldn't find a cleaner way to see it --- it is that database use
doesn't involve the root user using it, while database security requires
the root user to also be security-conscious.

> > One serious difference between in-database-encryption and SSH keys is
> > that the use of passwords for SSH is well understood and reasonable to
> > use, while I think we all admit that use of passwords for database
> > objects like SSL keys is murky. Use of keys for OS-level encryption is
> > a little better handled, but not as clean as SSH keys.
>
> Peter pointed out upthread that our handling of SSL passphrases leaves
> a lot to be desired, and that maybe we should fix that problem first;
> I agree. But I don't think this is any kind of intrinsic limitation
> of PostgreSQL vs. encrypted filesystems vs. SSH; it's just a
> quality-of-implementation issue.

I think there are environmental issues that make password use on SSH
easier than the other cases --- it isn't just code quality. However, it
would be good to research how SSH handles it to see if we can get any
ideas.

--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ As you are, so once was I. As I am, so you will be. +
+ Ancient Roman grave inscription +