Re: Securing Information

From: John R Pierce <pierce(at)hogranch(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Securing Information
Date: 2016-12-29 00:55:56
Message-ID: f1f490e3-7eb8-9579-e3a1-d8734d8d2891@hogranch.com
Lists: pgsql-general

On 12/28/2016 4:16 PM, jesusthefrog wrote:
>
> If you're storing HIPAA data and/or PII then just make sure it's
> encrypted at rest. We just did this at my workplace by using full disk
> encryption on the disk which stores the DB files.
> That may not be the best solution, but it appears to work well enough.
>

data really should be encrypted at the end point it originates and only
decrypted at the end point where it's used. yes, this presents all
sorts of annoying issues for everything in between, but anything less is
false security.

the problem with full disk encryption is that, as long as the volume is
mounted, the data is visible, as the encryption keys are loaded at boot or
mount time. the only threat model FDE protects against is physical theft of
the server.

--
john r pierce, recycling bits in santa cruz
