Re: encrypting data stored in PostgreSQL

Ken Tanzer <ken.tanzer@xxxxxxxxx> · Wed, 9 Apr 2014 14:45:34 -0700

On Wed, Apr 9, 2014 at 2:32 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:

On 4/9/2014 2:16 PM, Ken Tanzer wrote:
I looked at this a while ago because I have clients who might require this in the future.  ISTM you should be able to have your PG data directory stored on an encrypted filesystem.  I believe this will decrease performance, but I have no idea by how much.

Does anyone else have experience with such a setup, or knowledge of how bad the performance hit might be?  Or other factors to take into consideration?  Thanks.

whats the threat model this encryption is supposed to solve ?

a encrypted file system has to be mounted and readable as long as the file system is operational, this implies that any data in it can be read by anyone with access to that system.

now, if you just need a checkbox saying its encrypted, then whatever, it hardly matters.

-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast

Well the needing to check a box on a checklist was the starting point for me looking into this.  I think the scenario would be "what if someone stole your hard disks?" (Or stole Rackspace's hard disk, in my case.)  I didn't dig too deep, but it seemed that there was/is a basic tradeoff--either the encryption key is accessible from the server and thus the filesystem can be conveniently and automatically mounted,but providing little extra security, or 2)  the encryption key is user supplied at boot time, providing a good deal extra security but way less convenience.  

Cheers,
Ken

-- 
AGENCY Software  

A Free Software data system
By and for non-profits
http://agency-software.org/
https://agency-software.org/demo/client

ken.tanzer@xxxxxxxxxxxxxxxxxxx
(253) 245-3801

Subscribe to the mailing list to

learn more about AGENCY or
follow the discussion.