Re: Database level encryption

From: Timothy Madden <terminatorul(at)gmail(dot)com>
To: Joe Conway <mail(at)joeconway(dot)com>
Cc: Kevin Grittner <Kevin(dot)Grittner(at)wicourts(dot)gov>, Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Database level encryption
Date: 2010-04-06 09:45:52
Message-ID: j2v5078d8af1004060245g35b87d5av329ab7a6af9a5579@mail.gmail.com
Lists: pgsql-admin

The machine is a mini-laptop running almost all day (actually
there are many of them), and if the machine is captured it is likely to
be captured while running. With an encrypted file system, if the
machine is already booted you already have access to the file system
and can simply copy it and even put the machine back without anyone
noticing anything.

With an encrypted database, you need the password anytime you connect,
even if another application already has an open connection.

On Tue, Apr 6, 2010 at 1:50 AM, Joe Conway <mail(at)joeconway(dot)com> wrote:
> On 04/05/2010 01:46 PM, Kevin Grittner wrote:
>> Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> wrote:
>>> Timothy Madden <terminatorul(at)gmail(dot)com> wrote:
>>
>>>> My scenario is how to protect the database if the machine is
>>>> stolen (it is a mini-laptop), and I would like to encrypt the
>>>> entire database, that is all columns of all tables, and if
>>>> possible everything else found in the database.
>>>>
>>>> I would like all searching and sorting functions, just like with
>>>> a normal database (that is, transparent encryption for the
>>>> application level). The password will be entered by a human in
>>>> order to start the application.
>>
>>> Everything you've said so far points to using a mounted encrypted
>>> drive to store the db.
>>
>> Agreed.  I know you explicitly said you didn't want to use that in
>> your original post, but you didn't say why.  I don't think you're
>> going to convince anyone here to put effort into something you can
>> configure to "just work" with so little trouble on existing systems,
>> without a really good argument.
>
> Agreed here also. I don't see any reason for Postgres to provide this
> sort of functionality when it can be done at the OS level. There is
> going to be a significant performance hit -- that is why I would suggest
> careful analysis and selective encryption instead. But if that isn't
> important, an encrypted drive is probably the only option.
>
> Joe
>
>
