Greetings, * David Hedberg (david.hedb...@gmail.com) wrote: > I recently wanted a way to encrypt/decrypt backups while still > utilizing the parallel dump/restore functionality. I couldn't see a > way to do this so I experimented a bit with the directory backup > format. If there's in fact already a way to do this, please tell me > now :-)
Supporting encryption/decryption is certainly a good idea but I'm not sure that we want to punt like this and expect the user to provide a shell script or similar to do it. I would have thought we'd build in encryption leveraging openssl (and, ideally, other providers, similar to what we're working to do with SSL) directly. > The idea is to add a --pipe option to pg_dump / pg_restore where you > can specify a custom shell command that is used to write / read each > .dat-file. Usage examples include encryption with pgp and/or custom > compression pipelines. %p in the command is expanded to the path to > write to / read from. The pipe command is not applied to the toc. I would certainly think that we'd want to have support for custom format dumps too.. > The current version is attached. Could something like this be > acceptable for inclusion? At least for my 2c, I'm not completely against it, but I'd much rather see us providing encryption directly and for all of the formats we support, doing intelligent things like encrypting the TOC for a custom format dump independently so we can still support fast restore of individual objects and such. I'm also not entirely sure about how well this proposed approach would work on Windows.. Thanks! Stephen
signature.asc
Description: PGP signature
