On 04/05/2010 01:46 PM, Kevin Grittner wrote: > Scott Marlowe <scott.marlowe@xxxxxxxxx> wrote: >> Timothy Madden <terminatorul@xxxxxxxxx> wrote: > >>> My scenario is how to protect the database if the machine is >>> stolen (it is a mini-laptop), and I would like to encrypt the >>> entire database, that is all columns of all tables, and if >>> possible everything else found in the database. >>> >>> I would like all searching and sorting functions, just like with >>> a normal database (that is, transparent encryption for the >>> application level). The password will be entered by a human in >>> order to start the application. > >> Everything you've said so far points to using a mounted encrypted >> drive to store the db. > > Agreed. I know you explicitly said you didn't want to use that in > your original post, but you didn't say why. I don't think you're > going to convince anyone here to put effort into something you can > configure to "just work" with so little trouble on existing systems, > without a really good argument. Agreed here also. I don't see any reason for Postgres to provide this sort of functionality when it can be done at the OS level. There is going to be a significant performance hit -- that is why I would suggest careful analysis and selective encryption instead. But if that isn't important, an encrypted drive is probably the only option. Joe
Attachment:
signature.asc
Description: OpenPGP digital signature