Обсуждение: database file encryption.
Hi, I am new to this list. I haven't ever contributed code before, and have no idea on how to do this. I have made some changes to my copy of the 9.1.1 code that encrypts/decrypts the database files on the fly using AES256 cypher. It passes all the tests. :-) The changes are limited to : src/backend/storage/file/fd.c src/backend/storage/file/buffile.c src/backend/libpq/be-fsstubs.c At the moment the password has been hardcoded into the source, I don't know how to get it passed in atm.
On 10/21/2011 05:42 PM, nrdb wrote: > > Hi, > > I am new to this list. I haven't ever contributed code before, and have > no idea on how to do this. > > I have made some changes to my copy of the 9.1.1 code that > encrypts/decrypts the database files on the fly using AES256 cypher. Very cool. > > It passes all the tests. :-) > > The changes are limited to : > src/backend/storage/file/fd.c > src/backend/storage/file/buffile.c > src/backend/libpq/be-fsstubs.c Are you willing to submit a patch for people to review? I am not sure if the community would want this as backend code or not but it is definitely something to discuss. > > At the moment the password has been hardcoded into the source, I don't > know how to get it passed in atm. I think the easiest way would be to look at the startup code that launches postmaster. If it detecs that the files are encrypted it would prompt for the passphrase. Others might have different ideas. JD > > -- Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support, Training, Professional Services and Development The PostgreSQL Conference - http://www.postgresqlconference.org/ @cmdpromptinc - @postgresconf - 509-416-6579
On 10/22/2011 11:39 AM, nrdb wrote: >> Are you willing to submit a patch for people to review? I am not sure >> if the community would want this as backend code or not but it is >> definitely something to discuss. >> > > Yes! but I don't know what the procedure is to do that. http://wiki.postgresql.org/wiki/Submitting_a_Patch >> >> Others might have different ideas. > > I thought one way would be to pass the name of a named pipe in with a > command argument and then have some program that asks the user for the > password and writes it to the named pipe. Any patch you submit will be subject to quite a bit of discussion so be prepared for that. Also it will have to be portable to Windows. JD -- Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support, Training, Professional Services and Development The PostgreSQL Conference - http://www.postgresqlconference.org/ @cmdpromptinc - @postgresconf - 509-416-6579
On 10/23/2011 02:37 AM, Joshua D. Drake wrote: > > On 10/21/2011 05:42 PM, nrdb wrote: >> >> Hi, >> >> I am new to this list. I haven't ever contributed code before, and have >> no idea on how to do this. >> >> I have made some changes to my copy of the 9.1.1 code that >> encrypts/decrypts the database files on the fly using AES256 cypher. > > Very cool. > >> >> It passes all the tests. :-) >> >> The changes are limited to : >> src/backend/storage/file/fd.c >> src/backend/storage/file/buffile.c >> src/backend/libpq/be-fsstubs.c > > Are you willing to submit a patch for people to review? I am not sure > if the community would want this as backend code or not but it is > definitely something to discuss. > Yes! but I don't know what the procedure is to do that. > >> >> At the moment the password has been hardcoded into the source, I don't >> know how to get it passed in atm. > > I think the easiest way would be to look at the startup code that > launches postmaster. If it detecs that the files are encrypted it > would prompt for the passphrase. > > Others might have different ideas. I thought one way would be to pass the name of a named pipe in with a command argument and then have some program that asks the user for the password and writes it to the named pipe. > > JD > Neil Dugan
"Joshua D. Drake" <jd@commandprompt.com> writes:
> Any patch you submit will be subject to quite a bit of discussion so be
> prepared for that. Also it will have to be portable to Windows.
The first question that's going to be asked is why you don't just use an
encrypted file system, instead. Not every problem has to be solved at
the database level.
regards, tom lane
On 10/23/2011 08:17 AM, Tom Lane wrote: > "Joshua D. Drake"<jd@commandprompt.com> writes: >> Any patch you submit will be subject to quite a bit of discussion so be >> prepared for that. Also it will have to be portable to Windows. > > The first question that's going to be asked is why you don't just use an > encrypted file system, instead. Not every problem has to be solved at > the database level. > > regards, tom lane > Well the database files are always encrypted, with using a encrypted file system, there is an unencrypted view of the files visible. I realise that under normal setup this is readable by only the postgres user, and if you could read the files you would also be able to interrogate the server to get the data. But if the postgres server wasn't running yet (i.e. the password hadn't been entered), there would be no data visible. I don't know anything about Windows, does it have the same file security as Linux? I realise the difference is small.
On 10/23/2011 06:39 AM, Joshua D. Drake wrote: > > On 10/22/2011 11:39 AM, nrdb wrote: > >>> Are you willing to submit a patch for people to review? I am not sure >>> if the community would want this as backend code or not but it is >>> definitely something to discuss. >>> >> >> Yes! but I don't know what the procedure is to do that. > > http://wiki.postgresql.org/wiki/Submitting_a_Patch I will submit the patch in a few days when I have cleaned it up some more. Basically it patches the FileRead() and FileWrite() in fd.c to do the encryption and decryption. > >>> >>> Others might have different ideas. >> >> I thought one way would be to pass the name of a named pipe in with a >> command argument and then have some program that asks the user for the >> password and writes it to the named pipe. > > Any patch you submit will be subject to quite a bit of discussion so > be prepared for that. Also it will have to be portable to Windows. > I have no idea on making it portable to Windows, I very rarely use it and know nothing about coding on it. The only problem will be in the actual encryption/decryption functions, and the key setup. > JD >