Matthias van de Meent <boekewurm+postgres@gmail.com> wrote:
> On Mon, 11 Apr 2022 at 10:05, Antonin Houska <ah@cybertec.at> wrote:
> >
> > There are't really that many kinds of files to encrypt:
> >
> > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#List_of_the_files_that_contain_user_data
> >
> > (And pg_stat/* files should be removed from the list.)
>
> I was looking at that list of files that contain user data, and
> noticed that all relation forks except the main fork were marked as
> 'does not contain user data'. To me this seems not necessarily true:
> AMs do have access to forks for user data storage as well (without any
> real issues or breaking the abstraction), and the init-fork is
> expected to store user data (specifically in the form of unlogged
> sequences). Shouldn't those forks thus also be encrypted-by-default,
> or should we provide some other method to ensure that non-main forks
> with user data are encrypted?
Thanks. I've updated the wiki page (also included Robert's comments).
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
