On Sun, Jun 12, 2016 at 5:13 PM, Ants Aasma <ants.aa...@gmail.com> wrote: > On Fri, Jun 10, 2016 at 5:23 AM, Haribabu Kommi > <kommi.harib...@gmail.com> wrote: > >> 2. Instead of depending on a contrib module for the encryption, how >> about integrating pgcrypto contrib in to the core and add that as a >> default encryption method. And also provide an option to the user >> to use a different encryption methods if needs. > > Technically that would be simple enough, this is more of a policy > decision. I think having builtin encryption provided by pgcrypto is > completely fine. If a consensus emerges that it needs to be > integrated, it would need to be a separate patch anyway.
In our proprietary database, we are using the encryption methods provided by openSSL [1]. May be we can have a look at those methods provided by openSSL for the use of encryption for builds under USE_SSL. Ignore it if you have already validated. >> 5. Instead of providing passphrase through environmental variable, >> better to provide some options to pg_ctl etc. > > That looks like it would be worse from a security perspective. > Integrating a passphrase prompt would be an option, but a way for > scripts to provide passphrases would still be needed. What I felt was, if we store the passphrase in an environmental variable, a person who is having an access to the system can get the details and using that it may be possible to decrypt the data files. [1] - https://www.openssl.org/docs/manmaster/crypto/EVP_EncryptInit.html Regards, Hari Babu Fujitsu Australia -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers