From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Christopher Browne <cbbrowne(at)acm(dot)org> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: database file encryption |
Date: | 2006-08-11 14:12:11 |
Message-ID: | 20060811141211.GB950@svana.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Fri, Aug 11, 2006 at 08:52:32AM -0400, Christopher Browne wrote:
> >> I'd like to know if there is a way in order to encrypt these data.
> >
> > Sure, run postgres over an encrypted filesystem.
>
> Actually, that may not work the way you think it does...
>
> As long as the encrypted filesystem is mounted, you can access the
> unencrypted data
Sure. However, it was only asked if the data could be encrypted. My
point was that the OP needs to decide what the actual problem is and
then they can evaluate what are acceptable solutions.
Asking about encrypted files first is putting the cart before the horse.
> The method that consistently works is to encrypt the data before
> putting it in the database so that the DBMS is unaware of what the
> plaintext form is...
Sure, but now you've thought about the attack vectors and what's
important...
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Laudeman | 2006-08-11 14:12:40 | Re: Tuning to speed select |
Previous Message | Francis GUDIN | 2006-08-11 13:49:56 | VACUUM VERBOSE output to STDERR |