On Tue, Aug 22, 2017 at 2:48 PM, rakeshkumar464
<rakeshkumar...@outlook.com> wrote:
> We have a requirement to encrypt the entire database.  What is the best tool
> to accomplish this. Our primary goal is that it should be transparent to the
> application, with no change in the application, as compared to un-encrypted
> database. Reading about pgcrypto module, it seems it is good for few columns
> only and using it to encrypt entire database is not a good use-case.
> Is this which can be done best by file level encryption?  What are the good
> tools on Linux (RHES), preferably open-source.
> Thanks

In addition to the link that Joshua gave you, there is this:

Personally, what I'd do (and actually do at work) is to us LUKS. This
is a "full disk encryption". When the filesystem is mounted, the
system asks for the password. Unfortunately, this method allows all
users who have the proper authority (UNIX & SELinux) to read (maybe
write) the underlying files. Of course, a properly secured environment
would not allow this, but systems can be hacked. And it does not
address any off-filesystem backups, which would need to be separately
encrypted. LUKS is a good method, IMO, to protect the data if the
media is stolen, but not for protecting the individual files from
improper access. SELinux is pretty good at that.

If you look around the poker table & don't see an obvious sucker, it's you.

Maranatha! <><
John McKown

Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:

Reply via email to