Hi Hackers,
I read many mail discussions in supporting data at rest encryption support in
PostgreSQL.
I checked the discussions around full instance encryption or tablespace or
table level encryption. In my observation, all the proposals are trying to modify
the core code to support encryption.
I am thinking of an approach of providing tablespace level encryption support
including WAL using an extension instead of changing the core code by adding
hooks in xlogwrite and xlogread flows, reorderbuffer flows and also by adding
smgr plugin routines to support encryption and decryption of other pages.
Definitely this approach does't work for full instance encryption.
Any opinions/comments/problems in evaluating the encryption with an extesnion
approach?
Regards,
Haribabu Kommi
Fujitsu Australia
