Re: Proposed patch for key managment
| От | Bruce Momjian |
|---|---|
| Тема | Re: Proposed patch for key managment |
| Дата | |
| Msg-id | 20201210184939.GC13515@momjian.us обсуждение исходный текст |
| Ответ на | Re: Proposed patch for key managment (Stephen Frost <sfrost@snowman.net>) |
| Список | pgsql-hackers |
On Wed, Dec 9, 2020 at 05:18:37PM -0500, Stephen Frost wrote: > Greetings, > > * Daniel Gustafsson (daniel@yesql.se) wrote: > > > On 2 Dec 2020, at 22:38, Bruce Momjian <bruce@momjian.us> wrote: > > > Attached is a patch for key management, which will eventually be part of > > > cluster file encryption (CFE), called TDE (Transparent Data Encryption) > > > by Oracle. > > > > The attackvector protected against seems to be operating systems users > > (*without* any legitimate database access) gaining access to the data files. > > That isn't the only attack vector that this addresses (though it is one > that this is envisioned to help with- to wit, someone rsync'ing the DB > directory). TDE also helps with traditional data at rest requirements, > in environments where you don't trust the storage layer to handle that > (for whatever reason), and it's at least imagined that backups with > pg_basebackup would also be encrypted, helping protect against backup > theft. > > There's, further, certainly no shortage of folks asking for this. Can we flesh this out more in the docs? Any idea on wording compared to what I have? -- Bruce Momjian <bruce@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee
В списке pgsql-hackers по дате отправления: