| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Andre Labuschagne <technical(at)eduadmin(dot)com> |
| Cc: | "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
| Subject: | Re: Permissions |
| Date: | 2016-09-20 21:03:06 |
| Message-ID: | CAKFQuwYmVCivzkZ_NqRskqXX0EN2DJchu7xmLCxAFBtdScsaYQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
On Tue, Sep 20, 2016 at 1:53 PM, Andre Labuschagne <technical(at)eduadmin(dot)com>
wrote:
> Thanks for that. So PG de facto has absolutely no security while in
> transit then. That is what we are trying to establish.
>
Your definition of "in transit" is unusual...someone obtaining a copy of a
backup (or any data files) is generally considered "data at rest". Data
in transit is stuff flowing on the wires when you, e.g., connect psql to
the database and makes queries. The server is capable of leveraging SSL to
setup secure tunnels for data in transit. The server does not itself
encrypt data at rest whether it is the data files, WAL, or in-memory data
buffers. Supplemental options in this area are present but I am unfamiliar
with them.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andre Labuschagne | 2016-09-20 21:17:47 | Re: Permissions |
| Previous Message | Andre Labuschagne | 2016-09-20 20:59:21 | Re: Permissions |