Re: Transparent Data Encryption (TDE) and encrypted files - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: Transparent Data Encryption (TDE) and encrypted files
Date
Msg-id 20191003172946.GE6962@tamriel.snowman.net
Whole thread Raw
In response to Re: Transparent Data Encryption (TDE) and encrypted files  (Tomas Vondra <tomas.vondra@2ndquadrant.com>)
Responses Re: Transparent Data Encryption (TDE) and encrypted files
List pgsql-hackers
Greetings,

* Tomas Vondra (tomas.vondra@2ndquadrant.com) wrote:
> On Thu, Oct 03, 2019 at 11:58:55AM -0400, Stephen Frost wrote:
> >* Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote:
> >>On 2019-10-03 16:40, Stephen Frost wrote:
> >>>> As others have said, that sounds wrong to me.  I think you need to
> >>>> encrypt everything.
> >>> That isn't what other database systems do though and isn't what people
> >>> actually asking for this feature are expecting to have or deal with.
> >>
> >>It is what some other database systems do.  Perhaps some others don't.
> >
> >I looked at the contemporary databases and provided details about all of
> >them earlier in the thread.  Please feel free to review that and let me
> >know if your research shows differently.
>
> I assume you mean this (in one of the other threads):
>
> https://www.postgresql.org/message-id/20190817175217.GE16436%40tamriel.snowman.net
>
> FWIW I don't see anything contradicting the idea of just encrypting
> everything (including vm, fsm etc.). The only case that seems to be an
> exception is the column-level encryption in Oracle, all the other
> options (especially the database-level ones) seem to be consistent with
> this principle.

I don't think I was arguing specifically about VM/FSM in particular but
rather about things which, for us, are cluster level.  Admittedly, some
other database systems put more things into tablespaces or databases
than we do (it'd sure be nice if we did in some cases too, but we
don't...), but they do also have things *outside* of those, such that
you can at least bring the system up, to some extent, even if you can't
access a given tablespace or database.

Thanks,

Stephen

Attachment

pgsql-hackers by date:

Previous
From: Rob
Date:
Subject: Fix for Bug #16032
Next
From: Andres Freund
Date:
Subject: Re: Auxiliary Processes and MyAuxProc