From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Transparent Data Encryption (TDE) and encrypted files |
Date: | 2019-10-04 05:54:16 |
Message-ID: | CABUevEyX138-0fP_BxRUhE+UpfS29PsVzU=JztCQSUi1Fmo5ig@mail.gmail.com |
Lists: | pgsql-hackers |
On Thu, Oct 3, 2019 at 4:40 PM Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>
> * Robert Haas (robertmhaas(at)gmail(dot)com) wrote:
> > On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <bruce(at)momjian(dot)us> wrote:
> > > For full-cluster Transparent Data Encryption (TDE), the current plan is
> > > to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
> > > overflow). The plan is:
> > >
> > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
> > >
> > > We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
> > > other files. Is that correct? Do any other PGDATA files contain user
> > > data?
> >
> > As others have said, that sounds wrong to me. I think you need to
> > encrypt everything.
>
> That isn't what other database systems do though and isn't what people
> actually asking for this feature are expecting to have or deal with.
>
Do any of said other databases even *have* the equivalent of say pg_clog or
pg_multixact *stored outside their tablespaces*? (Because as long as the
data is in the tablespace, it's encrypted when using tablespace
encryption.)
--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>