On 04/20/2018 03:55 PM, Vick Khera wrote:
On Fri, Apr 20, 2018 at 11:24 AM, Vikas Sharma <shavi...@gmail.com
<mailto:shavi...@gmail.com>> wrote:
Hello Guys,
Could someone throw light on the postgresql instance wide or database
wide encryption please? Is this possible in postgresql and been in use
in production?.
For anyone to offer a proper solution, you need to say what purpose your
encryption will serve. Does the data need to be encrypted at rest? Does it
need to be encrypted in memory? Does it need to be encrypted at the
database level or at the application level? Do you need to be able to
query the data? There are all sorts of scenarios and use cases, and you
need to be more specific.
For me, using whole-disk encryption solved my need, which was to ensure
that the data on disk cannot be read once removed from the server.
Someone really needs to explain that to me. My company-issued laptop has
WDE, and that's great for when the machine is shut down and I'm carrying it
from place to place, but when it's running, all the data is transparently
decrypted for every process that wants to read the data, including malware,
industrial spies,
Thus, unless you move your DB server on a regular basis, I can't see the
usefulness of WDE on a static machine.
For certain fields in one table, I use application level encryption so
only the application itself can see the original data. Anyone else
querying that table sees the encrypted blob, and it was not searchable.
--
Angular momentum makes the world go 'round.
