On Thu, Oct 3, 2019 at 4:40 PM Stephen Frost <sfr...@snowman.net> wrote:
> > * Robert Haas (robertmh...@gmail.com) wrote: > > On Mon, Sep 30, 2019 at 5:26 PM Bruce Momjian <br...@momjian.us> wrote: > > > For full-cluster Transparent Data Encryption (TDE), the current plan is > > > to encrypt all heap and index files, WAL, and all pgsql_tmp (work_mem > > > overflow). The plan is: > > > > > > > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#TODO_for_Full-Cluster_Encryption > > > > > > We don't see much value to encrypting vm, fsm, pg_xact, pg_multixact, > or > > > other files. Is that correct? Do any other PGDATA files contain user > > > data? > > > > As others have said, that sounds wrong to me. I think you need to > > encrypt everything. > > That isn't what other database systems do though and isn't what people > actually asking for this feature are expecting to have or deal with. > Do any of said other database even *have* the equivalence of say pg_clog or pg_multixact *stored outside their tablespaces*? (Because as long as the data is in the tablespace, it's encrypted when using tablespace encryption..) -- Magnus Hagander Me: https://www.hagander.net/ <http://www.hagander.net/> Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>
