Re: Postgresql database encryption

On 04/20/2018 05:43 PM, Ron wrote:
>
>
> On 04/20/2018 06:11 PM, Stephen Frost wrote:
>> Greetings,
>>
>> * Ron (ronljohnsonjr@gmail.com) wrote:
>>> On 04/20/2018 03:55 PM, Vick Khera wrote:
>>>> On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavikas@gmail.com
>>>> For anyone to offer a proper solution, you need to say what purpose 
>>>> your
>>>> encryption will serve. Does the data need to be encrypted at rest? 
>>>> Does it
>>>> need to be encrypted in memory? Does it need to be encrypted at the
>>>> database level or at the application level? Do you need to be able to
>>>> query the data? There are all sorts of scenarios and use cases, and 
>>>> you
>>>> need to be more specific.
>>>>
>>>> For me, using whole-disk encryption solved my need, which was to 
>>>> ensure
>>>> that the data on disk cannot be read once removed from the server.
>>> Someone really needs to explain that to me. My company-issued laptop 
>>> has
>>> WDE, and that's great for when the machine is shut down and I'm 
>>> carrying it
>>> from place to place, but when it's running, all the data is 
>>> transparently
>>> decrypted for every process that wants to read the data, including 
>>> malware,
>>> industrial spies,
>>>
>>> Thus, unless you move your DB server on a regular basis, I can't see 
>>> the
>>> usefulness of WDE on a static machine.
>> The typical concern (aka, attack vector) isn't around moving the DB
>> server on a regular basis or about someone breaking into your data
>> center and stealing your drives, it's making sure that disposal of
>> equipment doesn't result in valuable data being retained on the
>> drives when they leave the data center for replacement or disposal.
>
> That makes some sense, but years of added CPU overhead to mitigate a 
> problem that could be solved by writing zeros to the disk as a step in 
> the decomm process seems more than a bit wasteful.
>
>
Well you probably need to drive a nail through the drive but that's a 
technical detail :)