Re: Encrypted Disks

From: "Peter Darley" <pdarley(at)kinesis-cem(dot)com>
To: "Scott Marlowe" <smarlowe(at)g2switchworks(dot)com>
Cc: "Pgsql-Admin" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Encrypted Disks
Date: 2005-09-23 17:39:54
Message-ID: PDEOIIFFBIAABMGNJAGPEEMMDOAA.pdarley@kinesis-cem.com
Lists: pgsql-admin

Scott,

The only potential scenario for us is encrypting the disks so if they are
stolen the data is safe. It's a small project and it would not be worth it
to redesign our system to the extent it would need to be to have data in the
fields encrypted while the db is running. So, long and short, I understand
that it only protects the data while the drive is not mounted.

Thanks,
Peter

-----Original Message-----
From: Scott Marlowe [mailto:smarlowe(at)g2switchworks(dot)com]
Sent: Friday, September 23, 2005 8:24 AM
To: Peter Darley
Cc: Pgsql-Admin
Subject: Re: [ADMIN] Encrypted Disks

On Thu, 2005-09-22 at 17:18, Peter Darley wrote:
> Folks,
>
> A client is asking us about data security, and keeping data encrypted on
> disk. I recall there was some discussion about this before, including
> things like for it to be secure an operator would need to put in a key when
> the disk is mounted, that once it is mounted anyone with permissions to the
> disk can read it, etc.
>
> Given these drawbacks, I'm wondering if anyone has used an encrypted fs for
> PostgreSQL and if so, what they found in terms of speed. Would this be a
> big hit, or would it be pretty low impact? Also, does it cause any
> potential problems with recovery from a crash, etc?

You and your client need to back up and figure out which scenario you're
trying to protect against.

Encrypting the drive (with an external key) ensures that if someone
steals the disks, or gets hold of the raw db files that they can't get
the data out.

However, if they hack into the machine that is accessing the database,
encrypting the drives does nothing for you.

So, which scenario are they trying to protect against? Once you know
the answer to that question, then you can look at different ways of
encrypting the data you are storing.
