| From: | Michael Paquier <michael(dot)paquier(at)gmail(dot)com> |
|---|---|
| To: | Ants Aasma <ants(dot)aasma(at)gmail(dot)com> |
| Cc: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: WIP: Data at rest encryption |
| Date: | 2016-06-13 05:17:27 |
| Message-ID: | CAB7nPqRdw9bbtwo9z7m8SbueXvXqvrj-iSZ=TktOH=BufzEKmg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Sun, Jun 12, 2016 at 4:13 PM, Ants Aasma <ants(dot)aasma(at)gmail(dot)com> wrote:
>> I feel separate file is better to include the key data instead of pg_control
>> file.
>
> I guess that would be more flexible. However I think at least the fact
> that the database is encrypted should remain in the control file to
> provide useful error messages for faulty backup procedures.
Another possibility could be always to do some encryption at data-type
level for text data. For example I recalled the following thing while
going through this thread:
https://github.com/nec-postgres/tdeforpg
Though I don't quite understand the use for encrypt.enable in this
code... This has the advantage to not patch upstream.
--
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Rowley | 2016-06-13 05:35:51 | Re: ERROR: ORDER/GROUP BY expression not found in targetlist |
| Previous Message | Thomas Munro | 2016-06-13 04:50:59 | Re: ERROR: ORDER/GROUP BY expression not found in targetlist |