Re: [GENERAL] PG and database encryption

On 22-08-2017 22:48, rakeshkumar464 wrote:
> We have a requirement to encrypt the entire database.  What is the best
> tool
> to accomplish this. Our primary goal is that it should be transparent
> to the
> application, with no change in the application, as compared to
> un-encrypted
> database. Reading about pgcrypto module, it seems it is good for few
> columns
> only and using it to encrypt entire database is not a good use-case.
>
> Is this which can be done best by file level encryption?  What are the
> good
> tools on Linux (RHES), preferably open-source.
>
> Thanks
>
>
>
> --
> View this message in context:
> http://www.postgresql-archive.org/PG-and-database-encryption-tp5979618.html
> Sent from the PostgreSQL - general mailing list archive at Nabble.com.


Hello,
I also was interesting about this topic. My research take me to two
problems that can be happened
if you encrypt your hard drive partition where is stored postgresql
data. Postgresql does not support
encryption like oracle or mssql.

The problems that I mentored is two and they are connected with
filesystem:

1. If some is happened on your filesystem and encrypted drive need to be
force checked. It's can damage your files.
2. If LURKS is used, if problem is happened (bad sector, cluster
problem) and that problem / bad sector is
there where is stored your LURKS header encryption data, you cannot
mount your encrypted partition and
if you does not have experiences what to do, your data is lost forever.

My data is too important and because I don't have much time to make more
researches, I get decision not to use encryption.
I think there is hardware named TDS or was IDS but may be is deprecated
but Im not sure.

If you realize encryption somehow, drop us or me email with information.



Regards,
Hristo S.