On 12/23/2015 8:16 AM, oleg yusim wrote:
To my knowledge, many databases are using what called TDE to encrypt data at rest and protect data from being accessed by attacker on host this way. Here is the reference to quick guide on it: https://www.simple-talk.com/sql/database-administration/transparent-data-encryption/
that article is talking about a specific feature of Microsoft SQL Server Enterprise Edition, which upon a quick skim sounds to me to be smoke and mirrors 'security-by-checklist' protection. If the encryption keys are stored on the system, then anyone with access to the raw data can decrypt it, no matter how much smoke and mirrors you wave around to obfuscate this fact.
In PostgreSQL 'shared memory' has a quite specific meaning, its referring to the pool of buffer memory (ram) shared by all postgres server processes. this is primarily used as the buffer cache. In a properly secured operating system, ONLY the postgres server processes have access to this shared memory segment, but the details of OS level memory management are outide postgres's scope, since its portable and designed to be able to run on most any OS that provides basic memory management, multiple processes, and a reliable/robust file system, with tcp/ip socket support.
-- john r pierce, recycling bits in santa cruz -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
