Greetings, * Jagmohan Kaintura (jagmohan@xxxxxxxxxxxxxx) wrote: > Yup right now data is being accessed in this manner only. > application access using tenant user only who have specific tenantId in > that session and can see its own data only. It doesn't know about anyone > else's data and neither can get/fetch. > > So isolation is 100% guaranteed right now. Note that views aren't actually guaranteed to provide the isolation you're looking for unless you mark them as being a security barrier, see: https://www.postgresql.org/docs/current/rules-privileges.html Alternatively, you could use RLS and CREATE POLICY: https://www.postgresql.org/docs/current/ddl-rowsecurity.html > But isolation is not enough from an operations perspective, so I need > encryption too in some way or another way, whatever postgreSQL supports > and encryption key should differ for a tenant . You can have PG do encryption by using the pgcrypto extension, perhaps with some custom GUC and views (which should really also be security barrier..) to have it be transparent. As mentioned elsewhere, you're really better off doing it in the application though, so that the DB server doesn't ever see the plaintext data. You should really be considering what the attack vector you're concerned about is though- SQL injection? Insider threat? Improper media disposal? Application server compromise? DB server compromise? etc. Thanks, Stephen
Attachment:
signature.asc
Description: PGP signature
