Re: Supporting Encryption in Postgresql
| От | Doug McNaught |
|---|---|
| Тема | Re: Supporting Encryption in Postgresql |
| Дата | |
| Msg-id | 87pt4vatmr.fsf@asmodeus.mcnaught.org обсуждение исходный текст |
| Ответ на | Re: Supporting Encryption in Postgresql (Paul Tillotson <pntil@shentel.net>) |
| Список | pgsql-hackers |
Paul Tillotson <pntil@shentel.net> writes: > Given that the client does not write pages to the disk, this would be > back-end encryption. Just out of curiosity, what threat model does > this sort of encryption protect against? Surely any attacker who can > read the files off the disk can also get the password used to encrypt > them. Or would this be provided by the client and kept in RAM only? If I have root- or postgres-level access to the machine, I can snarf the encryption key out of RAM even if it's never written to disk. I don't see what this (backend page-level encryption) would buy you over just using an encrypted partition, which is already available on most OSs... -Doug -- Let us cross over the river, and rest under the shade of the trees. --T. J. Jackson, 1863
В списке pgsql-hackers по дате отправления: