From: | Doug McNaught <doug(at)mcnaught(dot)org> |
---|---|
To: | Paul Tillotson <pntil(at)shentel(dot)net> |
Cc: | josh(at)agliodbs(dot)com, kanmurat(at)cs(dot)purdue(dot)edu, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: Supporting Encryption in Postgresql |
Date: | 2004-09-09 23:51:24 |
Message-ID: | 87pt4vatmr.fsf@asmodeus.mcnaught.org |
Lists: | pgsql-hackers |
Paul Tillotson <pntil(at)shentel(dot)net> writes:
> Given that the client does not write pages to the disk, this would be
> back-end encryption. Just out of curiosity, what threat model does
> this sort of encryption protect against? Surely any attacker who can
> read the files off the disk can also get the password used to encrypt
> them. Or would this be provided by the client and kept in RAM only?
If I have root- or postgres-level access to the machine, I can snarf
the encryption key out of RAM even if it's never written to disk.
I don't see what this (backend page-level encryption) would buy you
over just using an encrypted partition, which is already available on
most OSs...
-Doug
--
Let us cross over the river, and rest under the shade of the trees.
--T. J. Jackson, 1863