agora inbox for [email protected]
help / color / mirror / Atom feedFrom: Antonin Houska <[email protected]>
To: Matthias van de Meent <[email protected]>
Cc: Robert Haas <[email protected]>
Cc: Stephen Frost <[email protected]>
Cc: PostgreSQL Hackers <[email protected]>
Subject: Re: Temporary file access API
Date: Wed, 13 Apr 2022 08:30:28 +0200
Message-ID: <2346.1649831428@antos> (raw)
In-Reply-To: <CAEze2WgK=8fBtY2CcCffqCrux4wKYFEiRVpkoPMMVaRjDq6Cpg@mail.gmail.com>
References: <4987.1644323098@antos>
<[email protected]>
<27013.1646738099@antos>
<CA+TgmobnojZw6mZi0T_61RtUDgsxroYhp+DJU5Yhz6caxUrQgw@mail.gmail.com>
<3146.1649408068@antos>
<CA+TgmobQM4Yym3944tFpcaJX4EfYs92Vv4NCY3V0R5BE4RU2rg@mail.gmail.com>
<2132.1649664364@antos>
<CAEze2WgK=8fBtY2CcCffqCrux4wKYFEiRVpkoPMMVaRjDq6Cpg@mail.gmail.com>
Matthias van de Meent <[email protected]> wrote:
> On Mon, 11 Apr 2022 at 10:05, Antonin Houska <[email protected]> wrote:
> >
> > There are't really that many kinds of files to encrypt:
> >
> > https://wiki.postgresql.org/wiki/Transparent_Data_Encryption#List_of_the_files_that_contain_user_dat...
> >
> > (And pg_stat/* files should be removed from the list.)
>
> I was looking at that list of files that contain user data, and
> noticed that all relation forks except the main fork were marked as
> 'does not contain user data'. To me this seems not necessarily true:
> AMs do have access to forks for user data storage as well (without any
> real issues or breaking the abstraction), and the init-fork is
> expected to store user data (specifically in the form of unlogged
> sequences). Shouldn't those forks thus also be encrypted-by-default,
> or should we provide some other method to ensure that non-main forks
> with user data are encrypted?
Thanks. I've updated the wiki page (also included Robert's comments).
--
Antonin Houska
Web: https://www.cybertec-postgresql.com
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
Subject: Re: Temporary file access API
In-Reply-To: <2346.1649831428@antos>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox