Hi Timothy,

On Wed, 7 Apr 2010 13:45:11 +0300 Timothy Madden wrote:

> On Wed, Apr 7, 2010 at 1:07 AM, Kevin Grittner
> <Kevin.Grittner@xxxxxxxxxxxx> wrote:
> > Timothy Madden <terminatorul@xxxxxxxxx> wrote:
> >
> [...]
> > But the server needs to read certain data from the database
> > directory in order to start. In particular, WAL files need to be
> > read to get a clean start, and those can contain any data from the
> > database table. Any or all tables may need to be accessed to get
> > the database to a consistent point on startup. Plus there are all
> > the system catalogs, including the ones needed to authenticate
> > users.
>
> OK let's put the key logger issue aside from database encryption.

No, because that's one of the main problems. If someone already got
root access on this laptop, he can sniff keystrokes or the network
traffic and capture all kinds of passwords (and other interesting
information). Basically your database, running on an unprivileged
account, is only as secure as the root account.

> I am willing to accept that the server may need to read the list of
> tables/schema-objects in the database, and some leftover data, in
> order to start, as long as the leftover data is immediately discarded
> upon start-up, and as long as it is likely that this data is not a
> large fraction of the data found in the database. It would still be
> nice if this check or clean-up could be delayed until such time some
> user really selects the database for use, and provides a password.

There's more:

- Vacuum reads whole memory pages, so any kind of encryption can only
  be on row level.
- Analyze stores the most common values per column, so it must be able
  to scan the columns without the password. Else the planner won't have
  reasonably good data. In addition: the statistics data is stored in
  system tables, so your password must apply here too.

Bye

-- 
Andreas 'ads' Scherbaum
German PostgreSQL User Group
European PostgreSQL User Group - Board of Directors
Volunteer Regional Contact, Germany - PostgreSQL Project

-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
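
The ANALYZE point in the message above, as an added example that is not part of the original thread: it loads the same values once in plaintext and once encrypted per row, runs ANALYZE, and reads back what the statistics catalog holds for each column. The table name, data and passphrase are constructed for illustration, and the pgcrypto extension is assumed to be available.

```sql
-- Added illustration; table, data and passphrase are constructed.
CREATE EXTENSION IF NOT EXISTS pgcrypto;

CREATE TEMP TABLE patient_demo (
    id            serial PRIMARY KEY,
    diagnosis     text,   -- stored as plaintext
    diagnosis_enc bytea   -- same value, encrypted per row by the client/session
);

-- 1000 rows with a skewed distribution so ANALYZE has "common values" to find.
INSERT INTO patient_demo (diagnosis, diagnosis_enc)
SELECT d, pgp_sym_encrypt(d, 'constructed-demo-passphrase')
FROM (
    SELECT CASE WHEN g % 10 < 6 THEN 'hypertension'
                WHEN g % 10 < 9 THEN 'diabetes'
                ELSE 'asthma'
           END AS d
    FROM generate_series(1, 1000) AS g
) AS s;

-- ANALYZE samples the table and writes its findings to the pg_statistic
-- system catalog, which is stored in the data directory like any other table.
ANALYZE patient_demo;

-- pg_stats is the readable view over pg_statistic.
-- Compare the two rows: for the plaintext column the statistics carry copies
-- of the column's own values; for the per-row encrypted column every
-- ciphertext is different, so the planner gets no usable value distribution.
SELECT attname,
       n_distinct,
       most_common_vals,
       most_common_freqs
FROM pg_stats
WHERE tablename = 'patient_demo'
  AND attname IN ('diagnosis', 'diagnosis_enc')
ORDER BY attname;

-- The sampled bounds for the encrypted column are ciphertext, not plaintext.
SELECT attname, histogram_bounds IS NOT NULL AS has_histogram
FROM pg_stats
WHERE tablename = 'patient_demo'
  AND attname = 'diagnosis_enc';
```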