Re: [DOCS] Using Encryption Patch to Docs
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches It will be applied as soon as one of the PostgreSQL committers reviews and approves it. --- Christopher Browne wrote: > ? out > Index: runtime.sgml > === > RCS file: /projects/cvsroot/pgsql/doc/src/sgml/runtime.sgml,v > retrieving revision 1.315 > diff -u -r1.315 runtime.sgml > --- runtime.sgml 23 Apr 2005 03:27:40 - 1.315 > +++ runtime.sgml 29 Apr 2005 16:43:22 - 
> @@ -5109,6 +5109,132 @@ > > > > + > + Use of Encryption in PostgreSQL > + > +encryption > + > + > +There is increasing interest in having verifiable mechanisms > +to maintain the privacy of data in databases. In the United > +States, legislation called HIPAA (Health > +Insurance Portability and Accountability Act) requires that > +personal health information is handled securely. The European > +Union has similarly been developing directives as to how personal > +data is to be managed there. > + > +Questions frequently come up as to what functionality > +PostgreSQL offers with regard to > +supporting the use of data encryption. It uses and provides use of > +encryption tools in several ways that may be useful to provide > +protection against certain classes of attacks. > + > + > + > + Passwords stored in MD5 form > + > + Passwords are normally not stored in > + plaintext form in the database; they are hashed > + using the built-in MD5 function, and that is > + what is stored in the database. > + > + > +sample=# alter user foo password 'some dumb value'; > +ALTER USER > +sample=# select usename, passwd from pg_shadow where usename = 'foo'; > + usename | passwd > +-+- > + foo | md5740daa4aaa084d85eb97648084a43bbb > +(1 row) > + > + > + > + > + Connections protected using SSL > + > + There are various options to control how mandatory it is > + to use SSL to protect data connections. At the most > + paranoid end of the spectrum, you can configure > + pg_hba.conf to have the database reject > + connections that do not come in via > + SSL. > + > + The use of SSL, alone, is useful for protecting > + communications against interception. It may not be necessary > + for connections that take place across a carefully controlled > + network; if connections are coming in from less controlled > + sources, its use is highly recommended. 
> + > + Connections authenticated using SSL > + > + It is possible for both the client and server to provide > + to one another SSL keys or certificates. It takes some extra > + configuration on each side where these are used, but this likely > + provides stronger verification of identity than the mere use of a > + text password. > + > + Using OS level encryption for entire database > + partitions > + > + On Linux, encryption can be layered on top of a filesystem > + mount using what is called a loopback device; this > + permits having a whole filesystem partition be encrypted on disk, > + decrypted by the operating system. On FreeBSD, the equivalent > + facility is called GEOM Based Disk Encryption, or > + gbde. > + > + This mechanism may be expected to be useful for protecting > + against the threat that someone might pull disk drives out and > + try to install them somewhere else to draw data off of them. > + > + > + In contrast, this mechanism does nothing to protect > + against attacks when the filesystem is mounted, because when > + mounted, the OS provides a view of the filesystem > + accessible in plain text form. Furthermore, you need some way > + for the encryption key to be passed to the operating system in > + order to mount the filesystems, which encourages having the key > + accessible somewhere on the host that mounts the disk. > + > + > + Using the contrib function library > + pgcrypto so the database engine manages > + encryption of certain fields. > + > + If much of the data can be in plain text form, and only a > + subset is particularly sensitive, this mechanism supports > + treating them differently. The encrypted data is only ever > + presented in unencrypted form while it is being > + communicated between client and server, and the use of an SSL > + layer of superencryption alleviates that > + problem. 
> + > + Unfortunately, in this approach, the encryption keys need > + to be present on the server, even if only for a moment, which > + presents the possibility of them being
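Review bot: In the pgcrypto item, the sentence "The encrypted data is only ever presented in unencrypted form while it is being communicated between client and server" conflicts with the paragraph that follows it, which says the encryption keys need to be present on the server. If the server holds the key and performs the decryption, the plaintext exists on the server for that moment as well, not only on the wire. Suggest rewording to say that the data is stored encrypted, is decrypted on the server on request, and is then protected in transit by SSL. Two smaller points: the "Connections protected using SSL" item says pg_hba.conf can reject connections that do not come in via SSL but does not name the record type that does this (hostssl), and the "Passwords stored in MD5 form" item, unlike the OS level encryption item, does not say which threat it protects against.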
Re: [DOCS] [COMMITTERS] pgsql: Remove replicaiton FAQ item.
Martha Stewart called it a Good Thing when [email protected] (Bruce Momjian) wrote:
> Yep, big mistake my removing the replication FAQ item. I have re-added a
> new one:
>
> 4.21) What replication solutions are available?
>
> Though "replication" is a single term, there are two major replication
> technologies. Multi-master replication allows read/write queries to be
> sent to multiple replicated computers. Using this capability has a
> serious performance impact. Pgcluster is the most popular such solution
> available for PostgreSQL. Master-slave replication allows a single
> master to receive read/write queries, with slaves able to accept only
> read/SELECT queries. The most popular master-slave PostgreSQL
> replication solution is Slony. There are also commercial and
> hardware-based replication solutions available.

A suggestion for rewording:

Though "replication" is a single term, there are a number of
approaches and technologies to handle it, and thus, for different
purposes, a number of replication systems are available.

Master/slave replication allows a single master to receive read/write
queries, where slaves can only accept read/SELECT queries. The most
popular freely available master-slave PostgreSQL replication solution
is Slony-I.

Multi-master replication allows read/write queries to be sent to
multiple replicated computers. Using this capability generally has a
fairly severe impact on performance due to the need to synchronize
changes between servers. Pgcluster is the most popular such solution
freely available for PostgreSQL.

There are also commercial and hardware-based replication solutions
available supporting a variety of replication models.
--
(format nil "[EMAIL PROTECTED]" "cbbrowne" "acm.org")
http://linuxdatabases.info/info/slony.html
"It can be shown that for any nutty theory, beyond-the-fringe
political view or strange religion there exists a proponent on the
Net. The proof is left as an exercise for your kill-file."
-- Bertil Jonell

---(end of broadcast)---
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
Re: [DOCS] [COMMITTERS] pgsql: Remove replicaiton FAQ item.
OK, updated:

Though "replication" is a single term, there are several technologies for doing replication, with advantages and disadvantages for each.

Master/slave replication allows a single master to receive read/write queries, while slaves can only accept read/SELECT queries. The most popular freely available master-slave PostgreSQL replication solution is http://gborg.postgresql.org/project/slony1/projdisplay$ Slony-I.

Multi-master replication allows read/write queries to be sent to multiple replicated computers. This capability also has a severe impact on performance due to the need to synchronize changes between servers. http://pgfoundry.org/projects/pgcluster/ Pgcluster is the most popular such solution freely available for PostgreSQL.

There are also commercial and hardware-based replication solutions available supporting a variety of replication models.

---

Christopher Browne wrote:
> Martha Stewart called it a Good Thing when [email protected] (Bruce
> Momjian) wrote:
> > Yep, big mistake my removing the replication FAQ item. I have re-added a
> > new one:
> >
> > 4.21) What replication solutions are available?
> >
> > Though "replication" is a single term, there are two major replication
> > technologies. Multi-master replication allows read/write queries to be
> > sent to multiple replicated computers. Using this capability has a
> > serious performance impact. Pgcluster is the most popular such solution
> > available for PostgreSQL. Master-slave replication allows a single
> > master to receive read/write queries, with slaves able to accept only
> > read/SELECT queries. The most popular master-slave PostgreSQL
> > replication solution is Slony. There are also commercial and
> > hardware-based replication solutions available.
>
> A suggestion for rewording:
>
> Though "replication" is a single term, there are a number of
> approaches and technologies to handle it, and thus, for different
> purposes, a number of replication systems are available.
>
> Master/slave replication allows a single master to receive read/write
> queries, where slaves can only accept read/SELECT queries. The most
> popular freely available master-slave PostgreSQL replication solution
> is Slony-I.
>
> Multi-master replication allows read/write queries to be sent to
> multiple replicated computers. Using this capability generally has a
> fairly severe impact on performance due to the need to synchronize
> changes between servers. Pgcluster is the most popular such solution
> freely available for PostgreSQL.
>
> There are also commercial and hardware-based replication solutions
> available supporting a variety of replication models.
> --
> (format nil "[EMAIL PROTECTED]" "cbbrowne" "acm.org")
> http://linuxdatabases.info/info/slony.html
> "It can be shown that for any nutty theory, beyond-the-fringe
> political view or strange religion there exists a proponent on the
> Net. The proof is left as an exercise for your kill-file."
> -- Bertil Jonell

--
Bruce Momjian | http://candle.pha.pa.us
[email protected] | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
