Re: Postgresql database encryption

On 04/20/2018 06:11 PM, Stephen Frost wrote:
> Greetings,
>
> * Ron (ronljohnsonjr(at)gmail(dot)com) wrote:
>> On 04/20/2018 03:55 PM, Vick Khera wrote:
>>> On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas(at)gmail(dot)com
>>> For anyone to offer a proper solution, you need to say what purpose your
>>> encryption will serve. Does the data need to be encrypted at rest? Does it
>>> need to be encrypted in memory? Does it need to be encrypted at the
>>> database level or at the application level? Do you need to be able to
>>> query the data? There are all sorts of scenarios and use cases, and you
>>> need to be more specific.
>>>
>>> For me, using whole-disk encryption solved my need, which was to ensure
>>> that the data on disk cannot be read once removed from the server.
>> Someone really needs to explain that to me. My company-issued laptop has
>> WDE, and that's great for when the machine is shut down and I'm carrying it
>> from place to place, but when it's running, all the data is transparently
>> decrypted for every process that wants to read the data, including malware,
>> industrial spies,
>>
>> Thus, unless you move your DB server on a regular basis, I can't see the
>> usefulness of WDE on a static machine.
> The typical concern (aka, attack vector) isn't around moving the DB
> server on a regular basis or about someone breaking into your data
> center and stealing your drives, it's making sure that disposal of
> equipment doesn't result in valuable data being retained on the
> drives when they leave the data center for replacement or disposal.

That makes some sense, but years of added CPU overhead to mitigate a problem
that could be solved by writing zeros to the disk as a step in the decomm
process seems more than a bit wasteful.

--
Angular momentum makes the world go 'round.