| From: | Masahiko Sawada <sawada(dot)mshk(at)gmail(dot)com> |
|---|---|
| To: | Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> |
| Cc: | PostgreSQL Hackers <pgsql-hackers(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Transparent data encryption support as an extension |
| Date: | 2019-04-12 10:04:16 |
| Message-ID: | CAD21AoCj8-tCQnFXzRDJyPkEdA0kQDfw3XTWWLdocrahYxqVng@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Apr 12, 2019 at 6:34 PM Haribabu Kommi <kommi(dot)haribabu(at)gmail(dot)com> wrote:
>
> Hi Hackers,
>
> I read many mail discussions in supporting data at rest encryption support in
> PostgreSQL.
>
> I checked the discussions around full instance encryption or tablespace or
> table level encryption. In my observation, all the proposals are trying to modify
> the core code to support encryption.
>
> I am thinking of an approach of providing tablespace level encryption support
> including WAL using an extension instead of changing the core code by adding
> hooks in xlogwrite and xlogread flows, reorderbuffer flows and also by adding
> smgr plugin routines to support encryption and decryption of other pages.
>
> Definitely this approach does't work for full instance encryption.
>
> Any opinions/comments/problems in evaluating the encryption with an extesnion
> approach?
>
The discussion[1] of similar proposal might be worth to read. The
proposal was adding hook in BufferSync, although for differential
backup purpose.
[1] https://www.postgresql.org/message-id/20051502087457@webcorp01e.yandex-team.ru
Regards,
--
Masahiko Sawada
NIPPON TELEGRAPH AND TELEPHONE CORPORATION
NTT Open Source Software Center
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Masahiko Sawada | 2019-04-12 10:27:44 | Calling pgstat_report_wait_end() before ereport(ERROR) |
| Previous Message | Haribabu Kommi | 2019-04-12 09:34:13 | Transparent data encryption support as an extension |