Given that the client does not write pages to the disk, this would be
back-end encryption. Just out of curiosity, what threat model does this
sort of encryption protect against? Surely any attacker who can read
the files off the disk can also get the password used to encrypt them.
Or would this be provided by the client and kept in RAM only?
Paul Tillotson
>Murat,
>
>
>
>>For our research project, I need to implement an encryption support for
>>Postgressql. At this current phase, I need to at least support page
>>level encryption In other words, each page that belongs to a certain
>>sensitive table will be stored encrypted on the harddisk.
>>
>>
>
>Are you planning on doing the decryption on the back-end, or on the client?
>It certainly seems to me that doing it on the client would make more sense;
>if the data is decrypted on the back-end, then you will still need the
>overhead of an SSL connection.
>
>In any case, I'm glad that you're looking into this; encryption-on-disk is one
>of those "missing features" that we might never have gotten around to as a
>project ...
>
>
>