Re: Database level encryption

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 04/05/2010 01:46 PM, Kevin Grittner wrote:
> Scott Marlowe <scott.marlowe@xxxxxxxxx> wrote:
>> Timothy Madden <terminatorul@xxxxxxxxx> wrote:
>  
>>> My scenario is how to protect the database if the machine is
>>> stolen (it is a mini-laptop), and I would like to encrypt the
>>> entire database, that is all columns of all tables, and if
>>> possible everything else found in the database.
>>>
>>> I would like all searching and sorting functions, just like with
>>> a normal database (that is, transparent encryption for the
>>> application level). The password will be entered by a human in
>>> order to start the application.
>  
>> Everything you've said so far points to using a mounted encrypted
>> drive to store the db.
>  
> Agreed.  I know you explicitly said you didn't want to use that in
> your original post, but you didn't say why.  I don't think you're
> going to convince anyone here to put effort into something you can
> configure to "just work" with so little trouble on existing systems,
> without a really good argument.

Agreed here also. I don't see any reason for Postgres to provide this
sort of functionality when it can be done at the OS level. There is
going to be a significant performance hit -- that is why I would suggest
careful analysis and selective encryption instead. But if that isn't
important, an encrypted drive is probably the only option.

Joe

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux