Re: WIP: Data at rest encryption
| От | Peter Eisentraut |
|---|---|
| Тема | Re: WIP: Data at rest encryption |
| Дата | |
| Msg-id | 29bd8421-d9f5-15fa-48b0-9ebc39ba8f94@2ndquadrant.com обсуждение исходный текст |
| Ответ на | Re: WIP: Data at rest encryption (Ants Aasma <ants.aasma@gmail.com>) |
| Список | pgsql-hackers |
On 6/12/16 3:13 AM, Ants Aasma wrote: >> 5. Instead of providing passphrase through environmental variable, >> > better to provide some options to pg_ctl etc. > That looks like it would be worse from a security perspective. > Integrating a passphrase prompt would be an option, but a way for > scripts to provide passphrases would still be needed. Environment variables and command-line options are visible to other processes on the machine, so neither of these approaches is really going to work. We would need some kind of integration with secure password-entry mechanisms, such as pinentry. Also note that all tools that work directly on the data directory would need password-entry and encryption/decryption support, including pg_basebackup, pg_controldata, pg_ctl, pg_receivexlog, pg_resetxlog, pg_rewind, pg_upgrade, pg_xlogdump. It seems that your implementation doesn't encrypt pg_control, thus avoiding some of that. But that doesn't seem right. -- Peter Eisentraut http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
В списке pgsql-hackers по дате отправления: