On Fri, Apr 01, 2005 at 13:43:01 -0800,
Joseph Brenner <doom@kzsu.stanford.edu> wrote:
>
> (As to why you would *care* about disk encryption, I would guess
> the scenario is you've got a bunch of guys in the back room
> hot-swapping RAID drives, and you'd rather not post armed guards
> there to watch what happens to the older units.)
You really do need some sort of threat model (or government regulations
that say what you need to do regardless) before you can make good decisions
about security.
> Maybe the right way to do it is to just get the OS to encrypt
> everything, and not make postgresql jump through any extra hoops?
Doing it in the OS is one possibility. That can work well against people
stealing your hardware. It won't work so well in keeping sysadmins from
snooping on your database.