Re: Transparent Data Encryption (TDE) and encrypted files - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Transparent Data Encryption (TDE) and encrypted files
Date
Msg-id 20191001145132.GA11619@momjian.us
In response to Re: Transparent Data Encryption (TDE) and encrypted files  (Tomas Vondra <tomas.vondra@2ndquadrant.com>)
List pgsql-hackers
On Tue, Oct  1, 2019 at 03:48:31PM +0200, Tomas Vondra wrote:
> IMO leaks of sensitive data into the server log (say, as part of error
> messages, slow queries, ...) are a serious issue. It's one of the main
> issues with pgcrypto-style encryption, because it's trivial to leak e.g.
> keys into the server log. Even if proper key management prevents leaking
> keys, there are still user data - say, credit card numbers, and such.

Fortunately, the full-cluster encryption keys are stored encrypted in
pg_control and are never accessible unencrypted at the SQL level.

-- 
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

+ As you are, so once was I.  As I am, so you will be. +
+                      Ancient Roman grave inscription +


