Re: [HACKERS] WIP: Data at rest encryption - Mailing list pgsql-hackers

From Aleksander Alekseev
Subject Re: [HACKERS] WIP: Data at rest encryption
Date
Msg-id 20170614131357.GC11767@e733.localdomain
Whole thread Raw
In response to Re: [HACKERS] WIP: Data at rest encryption  (Aleksander Alekseev <a.alekseev@postgrespro.ru>)
Responses Re: [HACKERS] WIP: Data at rest encryption
List pgsql-hackers
> > While I agree that configuring full disk encryption is not technically
> > difficult, it requires much more privileged access to the system and
> > basically requires the support of a system administrator. In addition,
> > if a volume is not available for encryption, PostgreSQL support for
> > encryption would still allow for its data to be encrypted and as others
> > have mentioned can be enabled by the DBA alone.
>
> Frankly I'm having difficulties imagining when it could be a real
> problem. It doesn't seem to be such a burden to ask a colleague for
> assistance in case you don't have sufficient permissions to do
> something. And I got a strong feeling that solving bureaucracy issues of
> specific organizations by changing PostgreSQL core in very invasive way
> (keeping in mind testing, maintaining, etc) is misguided.

In the same time implementing a plugable storage API and then implementing
encrypted / compressed / whatever storage in a standalone extension using
this API seems to be a reasonable thing to do.

--
Best regards,
Aleksander Alekseev

pgsql-hackers by date:

Previous
From: Aleksander Alekseev
Date:
Subject: Re: [HACKERS] WIP: Data at rest encryption
Next
From: Tom Lane
Date:
Subject: Re: [HACKERS] RemoveSubscriptionRel uses simple_heap_delete