Tomas Zerolo wrote:
>
>> If there were a way to prompt the user for the password to an encrypted
>> drive on startup for all OS, with an equivalent for headless machines...
>
> There definitely is. We even need more flexibility: prompt for
> credentials at the time of *mounting* a secured partition (this might be
> the time you put in a thumb drive, or the time where you take this
> particular secured database on-line).
>
There is a difference between "it's possible" and "there is". I know of no such standard support of either of the standard OSes.

Tomas Zerolo wrote:
>
>> then perhaps encrypted drives would be practical enough to be used by
>> psql.
>> At the moment, the bootup sequence and requirements of psql mean it's only
>> really an option for user-started servers. An alternative is necessary.
>
> There would be two steps: unlock database (starting the server), connect
> to it. If that's unpractical, remember: client-side decryption. The
> server _never_ sees the decrypted data (and more important: the
> decryption key). The only point of failure is the client (and the client
> is a point of failure in any case).
>

Ignore client side issues... that's a separate problem. The threat case here is a stolen desktop/laptop/server where the attacker rips out the hard drive to peek inside.

--
View this message in context: http://www.nabble.com/RFE%3A-Transparent-encryption-on-all-fields-tp23195216p23252021.html
Sent from the PostgreSQL - hackers mailing list archive at Nabble.com.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)