Re: encrypting data stored in PostgreSQL

On Wed, Apr 9, 2014 at 2:32 PM, John R Pierce <pierce(at)hogranch(dot)com> wrote:

> On 4/9/2014 2:16 PM, Ken Tanzer wrote:
>
>> I looked at this a while ago because I have clients who might require
>> this in the future. ISTM you should be able to have your PG data directory
>> stored on an encrypted filesystem. I believe this will decrease
>> performance, but I have no idea by how much.
>>
>> Does anyone else have experience with such a setup, or knowledge of how
>> bad the performance hit might be? Or other factors to take into
>> consideration? Thanks.
>>
>
> whats the threat model this encryption is supposed to solve ?
>
> a encrypted file system has to be mounted and readable as long as the file
> system is operational, this implies that any data in it can be read by
> anyone with access to that system.
>
> now, if you just need a checkbox saying its encrypted, then whatever, it
> hardly matters.
>
>
> --
> john r pierce 37N 122W
> somewhere on the middle of the left coast
>

Well the needing to check a box on a checklist was the starting point for
me looking into this. I think the scenario would be "what if someone stole
your hard disks?" (Or stole Rackspace's hard disk, in my case.) I didn't
dig too deep, but it seemed that there was/is a basic tradeoff--either the
encryption key is accessible from the server and thus the filesystem can be
conveniently and automatically mounted,but providing little extra security,
or 2) the encryption key is user supplied at boot time, providing a good
deal extra security but way less convenience.

Cheers,
Ken

--
AGENCY Software
A Free Software data system
By and for non-profits
*http://agency-software.org/ <http://agency-software.org/>*
*https://agency-software.org/demo/client
<https://agency-software.org/demo/client>*
ken(dot)tanzer(at)agency-software(dot)org
(253) 245-3801

Subscribe to the mailing
list<agency-general-request(at)lists(dot)sourceforge(dot)net?body=subscribe>
to
learn more about AGENCY or
follow the discussion.