| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Ants Aasma <ants(dot)aasma(at)gmail(dot)com>, Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: WIP: Data at rest encryption |
| Date: | 2016-06-13 15:18:12 |
| Message-ID: | 29bd8421-d9f5-15fa-48b0-9ebc39ba8f94@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/12/16 3:13 AM, Ants Aasma wrote:
>> 5. Instead of providing passphrase through environmental variable,
>> > better to provide some options to pg_ctl etc.
> That looks like it would be worse from a security perspective.
> Integrating a passphrase prompt would be an option, but a way for
> scripts to provide passphrases would still be needed.
Environment variables and command-line options are visible to other
processes on the machine, so neither of these approaches is really going
to work. We would need some kind of integration with secure
password-entry mechanisms, such as pinentry.
Also note that all tools that work directly on the data directory would
need password-entry and encryption/decryption support, including
pg_basebackup, pg_controldata, pg_ctl, pg_receivexlog, pg_resetxlog,
pg_rewind, pg_upgrade, pg_xlogdump.
It seems that your implementation doesn't encrypt pg_control, thus
avoiding some of that. But that doesn't seem right.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | amul sul | 2016-06-13 15:52:25 | Bug in to_timestamp(). |
| Previous Message | Peter Eisentraut | 2016-06-13 15:07:48 | Re: WIP: Data at rest encryption |