Re: [HACKERS] WIP: Data at rest encryption
От | Aleksander Alekseev |
---|---|
Тема | Re: [HACKERS] WIP: Data at rest encryption |
Дата | |
Msg-id | 20170614131357.GC11767@e733.localdomain обсуждение исходный текст |
Ответ на | Re: [HACKERS] WIP: Data at rest encryption (Aleksander Alekseev <a.alekseev@postgrespro.ru>) |
Ответы |
Re: [HACKERS] WIP: Data at rest encryption
|
Список | pgsql-hackers |
> > While I agree that configuring full disk encryption is not technically > > difficult, it requires much more privileged access to the system and > > basically requires the support of a system administrator. In addition, > > if a volume is not available for encryption, PostgreSQL support for > > encryption would still allow for its data to be encrypted and as others > > have mentioned can be enabled by the DBA alone. > > Frankly I'm having difficulties imagining when it could be a real > problem. It doesn't seem to be such a burden to ask a colleague for > assistance in case you don't have sufficient permissions to do > something. And I got a strong feeling that solving bureaucracy issues of > specific organizations by changing PostgreSQL core in very invasive way > (keeping in mind testing, maintaining, etc) is misguided. In the same time implementing a plugable storage API and then implementing encrypted / compressed / whatever storage in a standalone extension using this API seems to be a reasonable thing to do. -- Best regards, Aleksander Alekseev
В списке pgsql-hackers по дате отправления: