From: | nrdb <postgresql(at)butterflystitches(dot)com(dot)au> |
---|---|
To: | "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com> |
Cc: | postgresql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: database file encryption. |
Date: | 2011-10-22 18:39:48 |
Message-ID: | 4EA30DF4.8040301@butterflystitches.com.au |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On 10/23/2011 02:37 AM, Joshua D. Drake wrote:
>
> On 10/21/2011 05:42 PM, nrdb wrote:
>>
>> Hi,
>>
>> I am new to this list. I haven't ever contributed code before, and have
>> no idea on how to do this.
>>
>> I have made some changes to my copy of the 9.1.1 code that
>> encrypts/decrypts the database files on the fly using AES256 cypher.
>
> Very cool.
>
>>
>> It passes all the tests. :-)
>>
>> The changes are limited to :
>> src/backend/storage/file/fd.c
>> src/backend/storage/file/buffile.c
>> src/backend/libpq/be-fsstubs.c
>
> Are you willing to submit a patch for people to review? I am not sure
> if the community would want this as backend code or not but it is
> definitely something to discuss.
>
Yes! but I don't know what the procedure is to do that.
>
>>
>> At the moment the password has been hardcoded into the source, I don't
>> know how to get it passed in atm.
>
> I think the easiest way would be to look at the startup code that
> launches postmaster. If it detecs that the files are encrypted it
> would prompt for the passphrase.
>
> Others might have different ideas.
I thought one way would be to pass the name of a named pipe in with a
command argument and then have some program that asks the user for the
password and writes it to the named pipe.
>
> JD
>
Neil Dugan
From | Date | Subject | |
---|---|---|---|
Next Message | Joshua D. Drake | 2011-10-22 19:39:01 | Re: database file encryption. |
Previous Message | Robert Haas | 2011-10-22 18:20:11 | Re: So, is COUNT(*) fast now? |