| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us>, Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Ants Aasma <ants(dot)aasma(at)eesti(dot)ee>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: WIP: Data at rest encryption |
| Date: | 2017-06-13 20:08:29 |
| Message-ID: | 5bebfabb-e02d-0172-aafa-99fcaadf7782@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 6/13/17 15:51, Bruce Momjian wrote:
> Isn't the leakage controlled by OS permissions, so is it really leakage,
> i.e., if you can see the leakage, you probably have bypassed the OS
> permissions and see the key and data anyway.
One scenario (among many) is when you're done with the disk. If the
content was fully encrypted, then you can just throw it into the trash
or have your provider dispose of it or reuse it. If not, then,
depending on policy, you will have to physically obtain it and burn it.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2017-06-13 20:10:34 | Re: WIP: Data at rest encryption |
| Previous Message | Bruce Momjian | 2017-06-13 19:51:50 | Re: WIP: Data at rest encryption |