Re: database file encryption

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: Christopher Browne <cbbrowne(at)acm(dot)org>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: database file encryption
Date: 2006-08-11 14:12:11
Message-ID: 20060811141211.GB950@svana.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Fri, Aug 11, 2006 at 08:52:32AM -0400, Christopher Browne wrote:
> >> I'd like to know if there is a way in order to encrypt these data.
> >
> > Sure, run postgres over an encrypted filesystem.
>
> Actually, that may not work the way you think it does...
>
> As long as the encrypted filesystem is mounted, you can access the
> unencrypted data

Sure. However, it was only asked if the data could be encrypted. My
point was that the OP needs to decide what the actual problem is and
then they can evaluate what are acceptable solutions.

Asking about encrypted files first is putting the cart before the horse.

> The method that consistently works is to encrypt the data before
> putting it in the database so that the DBMS is unaware of what the
> plaintext form is...

Sure, but now you've thought about the attack vectors and what's
important...

Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Tom Laudeman 2006-08-11 14:12:40 Re: Tuning to speed select
Previous Message Francis GUDIN 2006-08-11 13:49:56 VACUUM VERBOSE output to STDERR