On Tue, Aug 22, 2017 at 3:27 PM, rakeshkumar464
<rakeshkumar464@outlook.com> wrote:
> Thanks John and JD.
>
> John: Are you telling that the backup of a database has no protection?
If you use LUKS to encrypt a filesystem and then copy any file data on
that filesystem to another file on an unencrypted filesystem, then the
copy is not encrypted. You'd need to use something like gpg2 to
encrypt it before storing. The same if you dumped the database using a
utility such as pg_dump. I don't know of a way to encrypt a database
such that it is unencrypted transparently for the PostgreSQL server,
but not for some other application which can access the physical
files. And even if this were possible, the pg_dump would output
unencrypted data. This is basically due to your requirement that the
PostgreSQL client (application) not supply a password to PostgreSQL to
do the decryption. Of course, you could embed the
encryption/decryption into the application itself so that the data is
encrypted before it is passed to PostgreSQL to store. But I think that
violates your original requirements.
--
If you look around the poker table & don't see an obvious sucker, it's you.
Maranatha! <><
John McKown