Given that the client does not write pages to the disk, this would be back-end encryption. Just out of curiosity, what threat model does this sort of encryption protect against? Surely any attacker who can read the files off the disk can also get the password used to encrypt them. Or would this be provided by the client and kept in RAM only?

Paul Tillotson

Murat,



For our research project, I need to implement encryption support for
PostgreSQL. At this current phase, I need to at least support page-level
encryption. In other words, each page that belongs to a certain
sensitive table will be stored encrypted on the hard disk.



Are you planning on doing the decryption on the back-end, or on the client? It certainly seems to me that doing it on the client would make more sense; if the data is decrypted on the back-end, then you will still need the overhead of an SSL connection.


In any case, I'm glad that you're looking into this; encryption-on-disk is one of those "missing features" that we might never have gotten around to as a project ...




