Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS) - Mailing list pgsql-hackers

From Tomas Vondra
Subject Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Date
Msg-id 20190710221847.2gb4vkqdnuda6pbh@development
Whole thread Raw
In response to Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)  (Stephen Frost <sfrost@snowman.net>)
Responses Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
List pgsql-hackers
On Wed, Jul 10, 2019 at 06:04:30PM -0400, Stephen Frost wrote:
>Greetings,
>
>* Tomas Vondra (tomas.vondra@2ndquadrant.com) wrote:
>> On Wed, Jul 10, 2019 at 04:11:21PM -0400, Alvaro Herrera wrote:
>> >On 2019-Jul-10, Bruce Momjian wrote:
>> >
>> >>Uh, what if a transaction modifies page 0 and page 1 of the same table
>> >>--- don't those pages have the same LSN.
>> >
>> >No, because WAL being a physical change log, each page gets its own
>> >WAL record with its own LSN.
>> >
>>
>> What if you have wal_log_hints=off? AFAIK that won't change the page LSN.
>
>Alvaro suggested elsewhere that we require checksums for these, which
>would also force wal_log_hints to be on, and therefore the LSN would
>change.
>

Oh, I see - yes, that would solve the hint bits issue. Not sure we want
to combine the features like this, though, as it increases the costs of
TDE. But maybe it's the best solution.


regards

-- 
Tomas Vondra                  http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services 



pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: [Proposal] Table-level Transparent Data Encryption (TDE) and KeyManagement Service (KMS)
Next
From: David Rowley
Date:
Subject: Re: Tid scan improvements