Re: WIP: Data at rest encryption
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Bruce Momjian <bruce@momjian.us>, Ants Aasma <ants.aasma@eesti.ee>, Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2017-06-13T22:13:33Z
Lists: pgsql-hackers
Peter, * Peter Eisentraut (peter.eisentraut@2ndquadrant.com) wrote: > On 6/13/17 15:20, Stephen Frost wrote: > > And then you would need openssl on the other system to decrypt it. > > Or make the USB file system encrypted as well? If you're in that kind > of environment, that would surely be feasible, if not required. Right, but requiring file system encryption to work on a USB stick across different types of systems strikes me as actually a higher bar than requiring openssl to exist on both the source and destination sides. Naturally, if the environment you're in has already solved that problem across the enterprise then it's a good approach, although you might want to use a different encryption key, perhaps, though hopefully that's something you'd be able to do pretty easily too. Thanks! Stephen
Commits
-
Dramatically reduce System V shared memory consumption.
- b0fc0df9364d 9.3.0 cited