| From: | Tim Cross <theophilusx(at)gmail(dot)com> |
|---|---|
| To: | Ron <ronljohnsonjr(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Postgresql database encryption |
| Date: | 2018-04-21 00:13:33 |
| Message-ID: | 87o9id5scy.fsf@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Ron <ronljohnsonjr(at)gmail(dot)com> writes:
> On 04/20/2018 03:55 PM, Vick Khera wrote:
>> On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas(at)gmail(dot)com
>> <mailto:shavikas(at)gmail(dot)com>> wrote:
>>
>
> Someone really needs to explain that to me. My company-issued laptop has
> WDE, and that's great for when the machine is shut down and I'm carrying it
> from place to place, but when it's running, all the data is transparently
> decrypted for every process that wants to read the data, including malware,
> industrial spies,
>
It really depends on the architecture. In many server environments these
days, some sort of network storage is used. Having the 'disk' associated
with a specific server encrypted can provide some level of protection from another
machine which also has access to the underlying infrastructure from
being able to access that data.
The other level of protection is for when disks are disposed of. There
have been many cases where data has been retrieved off disks which have
been sent for disposal.
Finally, the basic physical protection. Someone cannot just access your
data centre, remove a disk from the SAN and then access the data.
Then of course there is the bureaucratic protection - "Yes boss, all our
data is encrypted on disk."
Tim
"
--
Tim Cross
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Cross | 2018-04-21 00:16:52 | Re: Postgresql database encryption |
| Previous Message | Tim Cross | 2018-04-20 23:55:21 | Re: Postgresql database encryption |