| From: | nrdb <postgresql(at)butterflystitches(dot)com(dot)au> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, postgresql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: database file encryption. |
| Date: | 2011-10-23 01:19:49 |
| Message-ID: | 4EA36BB5.9080409@butterflystitches.com.au |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10/23/2011 08:17 AM, Tom Lane wrote:
> "Joshua D. Drake"<jd(at)commandprompt(dot)com> writes:
>> Any patch you submit will be subject to quite a bit of discussion so be
>> prepared for that. Also it will have to be portable to Windows.
>
> The first question that's going to be asked is why you don't just use an
> encrypted file system, instead. Not every problem has to be solved at
> the database level.
>
> regards, tom lane
>
Well the database files are always encrypted, with using a encrypted
file system, there is an unencrypted view of the files visible.
I realise that under normal setup this is readable by only the
postgres user, and if you could read the files you would also be able
to interrogate the server to get the data.
But if the postgres server wasn't running yet (i.e. the password
hadn't been entered), there would be no data visible.
I don't know anything about Windows, does it have the same file
security as Linux?
I realise the difference is small.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | nrdb | 2011-10-23 01:37:09 | Re: database file encryption. |
| Previous Message | Thom Brown | 2011-10-23 00:19:07 | Re: synchronized snapshots |