Re: Permissions

Поиск
Список
Период
Сортировка
От Andre Labuschagne
Тема Re: Permissions
Дата
Msg-id 648FC074-DA96-41B3-B4CF-509848C5AF98@eduadmin.com
обсуждение исходный текст
Ответ на Re: Permissions  ("David G. Johnston" <david.g.johnston@gmail.com>)
Ответы Re: Permissions  (Skylar Thompson <skylar2@u.washington.edu>)
Re: Permissions  ("David G. Johnston" <david.g.johnston@gmail.com>)
Список pgsql-novice
Дерево обсуждения

On 20 Sep 2016, at 23:03, David G. Johnston <david.g.johnston@gmail.com> wrote:

On Tue, Sep 20, 2016 at 1:53 PM, Andre Labuschagne <technical@eduadmin.com> wrote:
Thanks for that.  So PG de facto has absolutely no security while in transit then.  That is what we are trying to establish.

​Your definition of "in transit" is unusual...someone obtaining a copy of a backup (or any data files) is generally considered "data at rest".​  Data in transit is stuff flowing on the wires when you, e.g., connect psql to the database and makes queries.  The server is capable of leveraging SSL to setup secure tunnels for data in transit.  The server does not itself encrypt data at rest whether it is the data files, WAL, or in-memory data buffers.  Supplemental options in this area are present but I am unfamiliar with them.

David J.


Hi David

Our usage of the terms is the exact opposite.

I am simply referring to the database being taken else mounted and accused.  We can refer to that as at rest.  If we restrict access when it has “left” the initial PG server and mounted onto another PG server then we have a solution.   But your reference to the little tool that enables trust seems to blow all security out of the water.  It is troublesome.

Cheers
Andre

В списке pgsql-novice по дате отправления:

Предыдущее
От: "David G. Johnston"
Дата:
Сообщение: Re: Permissions
Следующее
От: Skylar Thompson
Дата:
Сообщение: Re: Permissions