| From: | "Liran's Lab" <androidlab3(at)gmail(dot)com> |
|---|---|
| To: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Protecting sensitive data over NetApp |
| Date: | 2018-05-01 07:33:04 |
| Message-ID: | CACoc41WYQK4S4ODZ+617E520zB_8jSUi8+UqqS3fpB5UwFtmkg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
PostgreSQL 9.4
Current setup is one standalone server with disk mount on NetApp.
Data should be protected from access by other sources.
For example - if for some reason one of the Netapp admins mount the
Postgres LUN to another server.
One option is to stored data locally - but then it is limited by capacity
(and costly)
The second option is to encrypt the data.
Since 3rd party is generating the data we cant touch the schema and add
crypt function on the sensitive fields - tables are also too dynamic.
What would be the best (easy to implement, least affecting on performance )
option to implement from the suggested options:
https://www.postgresql.org/docs/8.1/static/encryption-options.html
Would you recommend other options like:
safenet:
https://safenet.gemalto.com/data-encryption/postgresql-database-encryption/
cybertec:
https://www.cybertec-postgresql.com/en/products/postgresql-instance-level-encryption/
After reading:
https://www.enterprisedb.com/blog/postgres-and-transparent-data-encryption-tde
I tend to think that the File system-level encryption might be the best
solution.
Thanks,
Liran.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2018-05-01 07:38:21 | Re: Protecting sensitive data over NetApp |
| Previous Message | Amit Langote | 2018-05-01 07:16:35 | stats_ext test fails with -DCATCACHE_FORCE_RELEASE |