Re: Transparent Data Encryption (TDE) and encrypted files

From: Magnus Hagander
Subject: Re: Transparent Data Encryption (TDE) and encrypted files
Msg-id CABUevEyX138-0fP_BxRUhE+UpfS29PsVzU=JztCQSUi1Fmo5ig@mail.gmail.com
In response to: Re: Transparent Data Encryption (TDE) and encrypted files  (Stephen Frost <sfrost@snowman.net>)
Responses: Re: Transparent Data Encryption (TDE) and encrypted files  (Stephen Frost <sfrost@snowman.net>)
List: pgsql-hackers
On Thu, Oct 3, 2019 at 4:40 PM Stephen Frost <sfrost@snowman.net> wrote:

> * Robert Haas (robertmhaas@gmail.com) wrote:
> > On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <bruce@momjian.us> wrote:
> > > For full-cluster Transparent Data Encryption (TDE), the current plan is
> > > to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem
> > > overflow).  The plan is:
> > >
> > >         https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption
> > >
> > > We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, or
> > > other files.  Is that correct?  Do any other PGDATA files contain user
> > > data?
> >
> > As others have said, that sounds wrong to me.  I think you need to
> > encrypt everything.
>
> That isn't what other database systems do though and isn't what people
> actually asking for this feature are expecting to have or deal with.

Do any of said other databases even *have* the equivalent of say pg_clog or pg_multixact *stored outside their tablespaces*? (Because as long as the data is in the tablespace, it's encrypted when using tablespace encryption..)
