Home > mailing lists

Re: New types for transparent encryption - Mailing list pgsql-hackers

From	Itagaki Takahiro
Subject	Re: New types for transparent encryption
Date	July 8, 2009 05:43:53
Msg-id	20090708143126.AEBA.52131E4D@oss.ntt.co.jp Whole thread Raw
In response to	Re: New types for transparent encryption (tomas@tuxteam.de)
Responses	Re: New types for transparent encryption (Greg Stark <gsstark@mit.edu>)
List	pgsql-hackers

Tree view

tomas@tuxteam.de wrote:

> As other posters have put it, I'd be very sceptical of server-side
> decryption. If the server "has" all the necessary bits to decrypt the
> data, all bets are off.

Server can access both encrypted data and its password, but we can put
them in different disk drives. We cannot decrypt the data unless we have
all copies of the drives.

If postgres server is started manually, there might be another design
that DBA sets password as a postmaster's startup parameter. If do so,
the password is only in memory but not in disk drives.

Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center

pgsql-hackers by date:

From: Brendan Jurd
Date: 08 July 2009, 05:32:31
Subject: Re: [pgsql-www] commitfest.postgresql.org

From: Brendan Jurd
Date: 08 July 2009, 05:45:06
Subject: Re: [pgsql-www] commitfest.postgresql.org

Re: New types for transparent encryption - Mailing list pgsql-hackers

Previous

Next