On 10/23/2011 02:37 AM, Joshua D. Drake wrote:
>
> On 10/21/2011 05:42 PM, nrdb wrote:
>>
>> Hi,
>>
>> I am new to this list. I haven't ever contributed code before, and have
>> no idea on how to do this.
>>
>> I have made some changes to my copy of the 9.1.1 code that
>> encrypts/decrypts the database files on the fly using AES256 cypher.
>
> Very cool.
>
>>
>> It passes all the tests. :-)
>>
>> The changes are limited to :
>> src/backend/storage/file/fd.c
>> src/backend/storage/file/buffile.c
>> src/backend/libpq/be-fsstubs.c
>
> Are you willing to submit a patch for people to review? I am not sure
> if the community would want this as backend code or not but it is
> definitely something to discuss.
>
Yes! but I don't know what the procedure is to do that.
>
>>
>> At the moment the password has been hardcoded into the source, I don't
>> know how to get it passed in atm.
>
> I think the easiest way would be to look at the startup code that
> launches postmaster. If it detecs that the files are encrypted it
> would prompt for the passphrase.
>
> Others might have different ideas.
I thought one way would be to pass the name of a named pipe in with a
command argument and then have some program that asks the user for the
password and writes it to the named pipe.
>
> JD
>
Neil Dugan