Home > mailing lists

Re: encrypting data stored in PostgreSQL - Mailing list pgsql-general

From	Ken Tanzer
Subject	Re: encrypting data stored in PostgreSQL
Date	April 10, 2014 00:46:20
Msg-id	CAD3a31Xz1zbSzhccLrKHTeFsik8_sXxrMRpzmP4gwN4JzCbV=Q@mail.gmail.com Whole thread Raw
In response to	Re: encrypting data stored in PostgreSQL (John R Pierce <pierce@hogranch.com>)
List	pgsql-general

Tree view

On Wed, Apr 9, 2014 at 2:32 PM, John R Pierce <pierce@hogranch.com> wrote:

On 4/9/2014 2:16 PM, Ken Tanzer wrote:
I looked at this a while ago because I have clients who might require this in the future. ISTM you should be able to have your PG data directory stored on an encrypted filesystem. I believe this will decrease performance, but I have no idea by how much.

Does anyone else have experience with such a setup, or knowledge of how bad the performance hit might be? Or other factors to take into consideration? Thanks.

whats the threat model this encryption is supposed to solve ?

a encrypted file system has to be mounted and readable as long as the file system is operational, this implies that any data in it can be read by anyone with access to that system.

now, if you just need a checkbox saying its encrypted, then whatever, it hardly matters.

--
john r pierce 37N 122W
somewhere on the middle of the left coast

Well the needing to check a box on a checklist was the starting point for me looking into this. I think the scenario would be "what if someone stole your hard disks?" (Or stole Rackspace's hard disk, in my case.) I didn't dig too deep, but it seemed that there was/is a basic tradeoff--either the encryption key is accessible from the server and thus the filesystem can be conveniently and automatically mounted,but providing little extra security, or 2) the encryption key is user supplied at boot time, providing a good deal extra security but way less convenience.

Cheers,

Ken