On 4/9/2014 2:16 PM, Ken Tanzer wrote:
> I looked at this a while ago because I have clients who might require
> this in the future. ISTM you should be able to have your PG data
> directory stored on an encrypted filesystem. I believe this will
> decrease performance, but I have no idea by how much.
>
> Does anyone else have experience with such a setup, or knowledge of
> how bad the performance hit might be? Or other factors to take into
> consideration? Thanks.
whats the threat model this encryption is supposed to solve ?
a encrypted file system has to be mounted and readable as long as the
file system is operational, this implies that any data in it can be read
by anyone with access to that system.
now, if you just need a checkbox saying its encrypted, then whatever, it
hardly matters.
--
john r pierce 37N 122W
somewhere on the middle of the left coast
