diff options
Diffstat (limited to 'doc/src/sgml/html/encryption-options.html')
-rw-r--r-- | doc/src/sgml/html/encryption-options.html | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/doc/src/sgml/html/encryption-options.html b/doc/src/sgml/html/encryption-options.html new file mode 100644 index 0000000..53dfec2 --- /dev/null +++ b/doc/src/sgml/html/encryption-options.html @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>18.8. Encryption Options</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing" /><link rel="next" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL" /></head><body id="docContent" class="container-fluid col-10"><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">18.8. Encryption Options</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><th width="60%" align="center">Chapter 18. Server Setup and Operation</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="ENCRYPTION-OPTIONS"><div class="titlepage"><div><div><h2 class="title" style="clear: both">18.8. Encryption Options</h2></div></div></div><a id="id-1.6.5.11.2" class="indexterm"></a><p> + <span class="productname">PostgreSQL</span> offers encryption at several + levels, and provides flexibility in protecting data from disclosure + due to database server theft, unscrupulous administrators, and + insecure networks. Encryption might also be required to secure + sensitive data such as medical records or financial transactions. + </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Password Encryption</span></dt><dd><p> + Database user passwords are stored as hashes (determined by the setting + <a class="xref" href="runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION">password_encryption</a>), so the administrator cannot + determine the actual password assigned to the user. If SCRAM or MD5 + encryption is used for client authentication, the unencrypted password is + never even temporarily present on the server because the client encrypts + it before being sent across the network. SCRAM is preferred, because it + is an Internet standard and is more secure than the PostgreSQL-specific + MD5 authentication protocol. + </p></dd><dt><span class="term">Encryption For Specific Columns</span></dt><dd><p> + The <a class="xref" href="pgcrypto.html" title="F.25. pgcrypto">pgcrypto</a> module allows certain fields to be + stored encrypted. + This is useful if only some of the data is sensitive. + The client supplies the decryption key and the data is decrypted + on the server and then sent to the client. + </p><p> + The decrypted data and the decryption key are present on the + server for a brief time while it is being decrypted and + communicated between the client and server. This presents a brief + moment where the data and keys can be intercepted by someone with + complete access to the database server, such as the system + administrator. + </p></dd><dt><span class="term">Data Partition Encryption</span></dt><dd><p> + Storage encryption can be performed at the file system level or the + block level. Linux file system encryption options include eCryptfs + and EncFS, while FreeBSD uses PEFS. Block level or full disk + encryption options include dm-crypt + LUKS on Linux and GEOM + modules geli and gbde on FreeBSD. Many other operating systems + support this functionality, including Windows. + </p><p> + This mechanism prevents unencrypted data from being read from the + drives if the drives or the entire computer is stolen. This does + not protect against attacks while the file system is mounted, + because when mounted, the operating system provides an unencrypted + view of the data. However, to mount the file system, you need some + way for the encryption key to be passed to the operating system, + and sometimes the key is stored somewhere on the host that mounts + the disk. + </p></dd><dt><span class="term">Encrypting Data Across A Network</span></dt><dd><p> + SSL connections encrypt all data sent across the network: the + password, the queries, and the data returned. The + <code class="filename">pg_hba.conf</code> file allows administrators to specify + which hosts can use non-encrypted connections (<code class="literal">host</code>) + and which require SSL-encrypted connections + (<code class="literal">hostssl</code>). Also, clients can specify that they + connect to servers only via SSL. + </p><p> + GSSAPI-encrypted connections encrypt all data sent across the network, + including queries and data returned. (No password is sent across the + network.) The <code class="filename">pg_hba.conf</code> file allows + administrators to specify which hosts can use non-encrypted connections + (<code class="literal">host</code>) and which require GSSAPI-encrypted connections + (<code class="literal">hostgssenc</code>). Also, clients can specify that they + connect to servers only on GSSAPI-encrypted connections + (<code class="literal">gssencmode=require</code>). + </p><p> + <span class="application">Stunnel</span> or + <span class="application">SSH</span> can also be used to encrypt + transmissions. + </p></dd><dt><span class="term">SSL Host Authentication</span></dt><dd><p> + It is possible for both the client and server to provide SSL + certificates to each other. It takes some extra configuration + on each side, but this provides stronger verification of identity + than the mere use of passwords. It prevents a computer from + pretending to be the server just long enough to read the password + sent by the client. It also helps prevent <span class="quote">“<span class="quote">man in the middle</span>”</span> + attacks where a computer between the client and server pretends to + be the server and reads and passes all data between the client and + server. + </p></dd><dt><span class="term">Client-Side Encryption</span></dt><dd><p> + If the system administrator for the server's machine cannot be trusted, + it is necessary + for the client to encrypt the data; this way, unencrypted data + never appears on the database server. Data is encrypted on the + client before being sent to the server, and database results have + to be decrypted on the client before being used. + </p></dd></dl></div></div><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navfooter"><hr></hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Next</a></td></tr><tr><td width="40%" align="left" valign="top">18.7. Preventing Server Spoofing </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 13.4 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 18.9. Secure TCP/IP Connections with SSL</td></tr></table></div></body></html>
\ No newline at end of file |