SlideShare a Scribd company logo

PostgreSQL instance encryption: More database security

H
Hans-Jürgen Schönig

The document discusses a PostgreSQL instance-level encryption solution developed by Cybertec, addressing customer needs for legal and internal encryption requirements without relying on expensive commercial software. It details the implementation of block-level encryption, the specific components being encrypted, and the technology used, including an extensible mechanism in pgcrypto. The author encourages the use of open-source solutions over commercial products and provides a link to access the code under the PostgreSQL license.

Data & Analytics
1 of 21
Downloaded 14 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Full PostgreSQL instance encryption Hans-Jürgen Schönig www.postgresql-support.de Hans-Jürgen Schönig www.postgresql-support.de
First of all Hans-Jürgen Schönig www.postgresql-support.de
Did . . . Did everybody have a good time in Tallinn? Hans-Jürgen Schönig www.postgresql-support.de
Introduction Hans-Jürgen Schönig www.postgresql-support.de
Cybertec Schönig & Schönig GmbH 24x7 support for PostgreSQL PostgreSQL training PostgreSQL consulting Hans-Jürgen Schönig www.postgresql-support.de
Get more out of PostgreSQL Hans-Jürgen Schönig www.postgresql-support.de
PostgreSQL features PostgreSQL provides many features Many “Enterprise” features are available e.g. replication, analytics, etc. Hans-Jürgen Schönig www.postgresql-support.de
Missing stuff Nothing is feature complete Once in a while everybody finds missing parts Hans-Jürgen Schönig www.postgresql-support.de
Sponsoring vs. licensing Remember, PostgreSQL is Open Source Sponsoring a feature is often cheaper than buying commercial licenses No need to chain yourself to a commercial vendor Hans-Jürgen Schönig www.postgresql-support.de
Database encryption: An example Hans-Jürgen Schönig www.postgresql-support.de
Specific customer requirements Customer could only provide encryption based on expensive commercial software Encryption is needed to fulfill legal and internal requirements Hans-Jürgen Schönig www.postgresql-support.de
Making it work Implement highly optimized code to handle encryption on the block level in PostgreSQL Totally transparent to the end user Keys can be stored in a key store of your choice Hans-Jürgen Schönig www.postgresql-support.de
What it does We encrypt: Tables Indexes Temporary files Full WAL encryption Commit Log (clog) More stuff: Subtransaction directories, MultiXact . . . What we do not encrypt (yet): pg_stat_statements, logical replication buffers, control data (on purpose) Hans-Jürgen Schönig www.postgresql-support.de
Encryption technology Extensible mechanism Included in pgcrypto: AES-XTS 128 Future versions will use Intel hardware support Current prototype does 4 GB / sec per core ! Hans-Jürgen Schönig www.postgresql-support.de
Good news We all got encryption now Not yet in core but available to end users already with full professional support Patch on hackers Anybody willing to feedback? Hans-Jürgen Schönig www.postgresql-support.de
Commercial success Writing code + integrating was cheaper than just integrating commercial stuff Makes sense for everybody Customer Community Hans-Jürgen Schönig www.postgresql-support.de
What we learn from this Have the guts and the conviction to do what is right Think for yourself Find solutions to YOUR problems Do not change your requirements just because some commercial vendor forces you to do so Benefit from Open Source Invest wisely Hans-Jürgen Schönig www.postgresql-support.de
Where can we get the code? Our website has the code: http://www.cybertec.at/en/products/postgresql-instance- level-encryption/ It is under PostgreSQL license Hans-Jürgen Schönig www.postgresql-support.de
Finally Hans-Jürgen Schönig www.postgresql-support.de
Any questions? Feel free to ask Hans-Jürgen Schönig www.postgresql-support.de
Contact us Cybertec Schönig & Schönig GmbH Email: office@cybertec.at Web: www.postgresql-support.de Follow us on Twitter: @PostgresSupport Hans-Jürgen Schönig www.postgresql-support.de

More Related Content

PDF
PostgreSQL Replication Tutorial
Hans-Jürgen Schönig
 
PDF
PostgreSQL High_Performance_Cheatsheet
Lucian Oprea
 
PDF
Troubleshooting PostgreSQL with pgCenter
Alexey Lesovsky
 
PDF
Postgres
Jeff Dickey
 
PDF
Как PostgreSQL работает с диском
PostgreSQL-Consulting
 
PDF
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
PostgreSQL-Consulting
 
ODP
PostgreSQL Administration for System Administrators
Command Prompt., Inc
 
PPTX
Http Caching for the Android Aficionado
Paul Blundell
 
PostgreSQL Replication Tutorial
Hans-Jürgen Schönig
 
PostgreSQL High_Performance_Cheatsheet
Lucian Oprea
 
Troubleshooting PostgreSQL with pgCenter
Alexey Lesovsky
 
Postgres
Jeff Dickey
 
Как PostgreSQL работает с диском
PostgreSQL-Consulting
 
How does PostgreSQL work with disks: a DBA's checklist in detail. PGConf.US 2015
PostgreSQL-Consulting
 
PostgreSQL Administration for System Administrators
Command Prompt., Inc
 
Http Caching for the Android Aficionado
Paul Blundell
 

What's hot (19)

PDF
Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum
 
PDF
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
Alexey Lesovsky
 
PDF
To Ksql Or Live the KStream
Dani Traphagen
 
PDF
Chef patterns
Biju Nair
 
PDF
PostgreSQL Streaming Replication Cheatsheet
Alexey Lesovsky
 
PDF
Clug 2012 March web server optimisation
grooverdan
 
PDF
Out of the box replication in postgres 9.4(pg confus)
Denish Patel
 
PPTX
MySQL Replication
orczhou
 
PDF
Tuning Linux for Databases.
Alexey Lesovsky
 
PDF
Java In-Process Caching - Performance, Progress and Pittfalls
cruftex
 
PPTX
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
MongoDB
 
PPTX
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
Ontico
 
PDF
Odoo Performance Limits
Odoo
 
PDF
Caching. api. http 1.1
Artjoker Digital
 
PPTX
Example R usage for oracle DBA UKOUG 2013
BertrandDrouvot
 
PPTX
Oracle: Binding versus caging
BertrandDrouvot
 
PDF
...Lag
Samantha Billington
 
PPT
Ash masters : advanced ash analytics on Oracle
Kyle Hailey
 
PDF
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Gulcin Yildirim Jelinek
 
Infinum Android Talks #18 - How to cache like a boss by Željko Plesac
Infinum
 
Nine Circles of Inferno or Explaining the PostgreSQL Vacuum
Alexey Lesovsky
 
To Ksql Or Live the KStream
Dani Traphagen
 
Chef patterns
Biju Nair
 
PostgreSQL Streaming Replication Cheatsheet
Alexey Lesovsky
 
Clug 2012 March web server optimisation
grooverdan
 
Out of the box replication in postgres 9.4(pg confus)
Denish Patel
 
MySQL Replication
orczhou
 
Tuning Linux for Databases.
Alexey Lesovsky
 
Java In-Process Caching - Performance, Progress and Pittfalls
cruftex
 
Webinar: Tales from the Field - 48 Hours to Data Centre Recovery
MongoDB
 
100500 способов кэширования в Oracle Database или как достичь максимальной ск...
Ontico
 
Odoo Performance Limits
Odoo
 
Caching. api. http 1.1
Artjoker Digital
 
Example R usage for oracle DBA UKOUG 2013
BertrandDrouvot
 
Oracle: Binding versus caging
BertrandDrouvot
 
...Lag
Samantha Billington
 
Ash masters : advanced ash analytics on Oracle
Kyle Hailey
 
Managing PostgreSQL with Ansible - FOSDEM PGDay 2016
Gulcin Yildirim Jelinek
 
Ad

Viewers also liked (11)

PDF
PostgreSQL: Joining 1 million tables
Hans-Jürgen Schönig
 
PDF
5min analyse
Hans-Jürgen Schönig
 
ODP
PostgreSQL: Welcome To Total Security
Robert Bernier
 
PDF
Walbouncer: Filtering PostgreSQL transaction log
Hans-Jürgen Schönig
 
PDF
Explain explain
Hans-Jürgen Schönig
 
PDF
PostgreSQL: Eigene Aggregate schreiben
Hans-Jürgen Schönig
 
PDF
PostgreSQL: The NoSQL way
Hans-Jürgen Schönig
 
PDF
PostgreSQL: Advanced indexing
Hans-Jürgen Schönig
 
PDF
Secure PostgreSQL deployment
Command Prompt., Inc
 
PDF
Security Best Practices for your Postgres Deployment
PGConf APAC
 
PDF
PostgreSQL: Data analysis and analytics
Hans-Jürgen Schönig
 
PostgreSQL: Joining 1 million tables
Hans-Jürgen Schönig
 
5min analyse
Hans-Jürgen Schönig
 
PostgreSQL: Welcome To Total Security
Robert Bernier
 
Walbouncer: Filtering PostgreSQL transaction log
Hans-Jürgen Schönig
 
Explain explain
Hans-Jürgen Schönig
 
PostgreSQL: Eigene Aggregate schreiben
Hans-Jürgen Schönig
 
PostgreSQL: The NoSQL way
Hans-Jürgen Schönig
 
PostgreSQL: Advanced indexing
Hans-Jürgen Schönig
 
Secure PostgreSQL deployment
Command Prompt., Inc
 
Security Best Practices for your Postgres Deployment
PGConf APAC
 
PostgreSQL: Data analysis and analytics
Hans-Jürgen Schönig
 
Ad

Similar to PostgreSQL instance encryption: More database security (20)

PDF
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
GetInData
 
PPTX
ScriptRunner introduction
Heiko Brenn
 
PDF
Mpole system introduction 2018
Guisun Han
 
PPTX
Disruptive Innovation at Cloudflare
Zack Bloom
 
PDF
Agile Secure Development
Bosnia Agile
 
PDF
Telemetry: The Overlooked Treasure in Axon Server-Centric Applications
Richard Bouška
 
PDF
DevOps Days Austin 2014 - Vendor DEMO
stonevil
 
PPT
Anton's Log Management 'Worst Practices'
Anton Chuvakin
 
PPTX
Implementing and Running SIEM: Approaches and Lessons
Anton Chuvakin
 
PDF
Pinterest - Big Data Machine Learning Platform at Pinterest
Alluxio, Inc.
 
PDF
Predicting Startup Market Trends based on the news and social media - Albert ...
GetInData
 
PPS
Digital Signage for Retail
dsignguy
 
PDF
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Bloombase
 
PPTX
Care and feeding of your website
Shawn DeWolfe
 
PPS
Digital Signage for Auto Retailers
dsignguy
 
PPS
Digital Signage for Public Spaces
dsignguy
 
PDF
SaaS - Software as a Service - Charles University - Prague - March 2013
Jaroslav Gergic
 
PPTX
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Intel® Software
 
PDF
LeanJS - Lean startup with JavaScript
Johannes Weber
 
PDF
PostgreSQL Security. How Do We Think? at PGCon 2017
Ohyama Masanori
 
NLP for videos: Understanding customers' feelings in videos - Albert Lewandow...
GetInData
 
ScriptRunner introduction
Heiko Brenn
 
Mpole system introduction 2018
Guisun Han
 
Disruptive Innovation at Cloudflare
Zack Bloom
 
Agile Secure Development
Bosnia Agile
 
Telemetry: The Overlooked Treasure in Axon Server-Centric Applications
Richard Bouška
 
DevOps Days Austin 2014 - Vendor DEMO
stonevil
 
Anton's Log Management 'Worst Practices'
Anton Chuvakin
 
Implementing and Running SIEM: Approaches and Lessons
Anton Chuvakin
 
Pinterest - Big Data Machine Learning Platform at Pinterest
Alluxio, Inc.
 
Predicting Startup Market Trends based on the news and social media - Albert ...
GetInData
 
Digital Signage for Retail
dsignguy
 
Hpe bloombase store safe kmip integration license - 1 cpu core - with hpe -...
Bloombase
 
Care and feeding of your website
Shawn DeWolfe
 
Digital Signage for Auto Retailers
dsignguy
 
Digital Signage for Public Spaces
dsignguy
 
SaaS - Software as a Service - Charles University - Prague - March 2013
Jaroslav Gergic
 
Getting Space Pirate Trainer* to Perform on Intel® Graphics
Intel® Software
 
LeanJS - Lean startup with JavaScript
Johannes Weber
 
PostgreSQL Security. How Do We Think? at PGCon 2017
Ohyama Masanori
 

Recently uploaded (20)

PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PDF
Business Analytics and business intelligence.pdf
khalidisah4750
 
PPTX
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
PPTX
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
PPTX
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
PPTX
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
PPTX
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
PPTX
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
PPTX
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
PPTX
Computer network topology notes for revision
BatoolRawat
 
PDF
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
PPTX
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PPTX
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
PPTX
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
PDF
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
PPTX
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
PDF
Introduction to Data Science and Data Analysis
Suraj Patil
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
Business Analytics and business intelligence.pdf
khalidisah4750
 
IB Computer Science - Internal Assessment.pptx
agarwal18harsh08
 
The THESIS FINAL-DEFENSE-PRESENTATION.pptx
hshakobe3
 
Data_Analytics_and_PowerBI_Presentation.pptx
ZubyrAhmed
 
Market Analysis -202507- Wind-Solar+Hybrid+Street+Lights+for+the+North+Amer...
LEDLUXX Smart Lite TEC
 
mbdjdhjjodule 5-1 rhfhhfjtjjhafbrhfnfbbfnb
CHINTU5000
 
Acceptance and paychological effects of mandatory extra coach I classes.pptx
ZaheerAhmad228692
 
ALIMENTARY AND BILIARY CONDITIONS 3-1.pptx
chepkoitcheruiyot
 
Computer network topology notes for revision
BatoolRawat
 
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
IBA_Chapter_11_Slides_Final_Accessible.pptx
SrikantKapoor1
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
Introduction-to-Cloud-ComputingFinal.pptx
testnet29393883
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
oil_refinery_comprehensive_20250804084928 (1).pptx
TusharPrajapati65
 
BF and FI - Blockchain, fintech and Financial Innovation Lesson 2.pdf
JamesWilliams752225
 
Qualitative Qantitative and Mixed Methods.pptx
AhmaduMohammed
 
Introduction to Data Science and Data Analysis
Suraj Patil
 

PostgreSQL instance encryption: More database security

  • 1. Full PostgreSQL instance encryption Hans-Jürgen Schönig www.postgresql-support.de Hans-Jürgen Schönig www.postgresql-support.de
  • 2. First of all Hans-Jürgen Schönig www.postgresql-support.de
  • 3. Did . . . Did everybody have a good time in Tallinn? Hans-Jürgen Schönig www.postgresql-support.de
  • 5. Cybertec Schönig & Schönig GmbH 24x7 support for PostgreSQL PostgreSQL training PostgreSQL consulting Hans-Jürgen Schönig www.postgresql-support.de
  • 6. Get more out of PostgreSQL Hans-Jürgen Schönig www.postgresql-support.de
  • 7. PostgreSQL features PostgreSQL provides many features Many “Enterprise” features are available e.g. replication, analytics, etc. Hans-Jürgen Schönig www.postgresql-support.de
  • 8. Missing stuff Nothing is feature complete Once in a while everybody finds missing parts Hans-Jürgen Schönig www.postgresql-support.de
  • 9. Sponsoring vs. licensing Remember, PostgreSQL is Open Source Sponsoring a feature is often cheaper than buying commercial licenses No need to chain yourself to a commercial vendor Hans-Jürgen Schönig www.postgresql-support.de
  • 10. Database encryption: An example Hans-Jürgen Schönig www.postgresql-support.de
  • 11. Specific customer requirements Customer could only provide encryption based on expensive commercial software Encryption is needed to fulfill legal and internal requirements Hans-Jürgen Schönig www.postgresql-support.de
  • 12. Making it work Implement highly optimized code to handle encryption on the block level in PostgreSQL Totally transparent to the end user Keys can be stored in a key store of your choice Hans-Jürgen Schönig www.postgresql-support.de
  • 13. What it does We encrypt: Tables Indexes Temporary files Full WAL encryption Commit Log (clog) More stuff: Subtransaction directories, MultiXact . . . What we do not encrypt (yet): pg_stat_statements, logical replication buffers, control data (on purpose) Hans-Jürgen Schönig www.postgresql-support.de
  • 14. Encryption technology Extensible mechanism Included in pgcrypto: AES-XTS 128 Future versions will use Intel hardware support Current prototype does 4 GB / sec per core ! Hans-Jürgen Schönig www.postgresql-support.de
  • 15. Good news We all got encryption now Not yet in core but available to end users already with full professional support Patch on hackers Anybody willing to feedback? Hans-Jürgen Schönig www.postgresql-support.de
  • 16. Commercial success Writing code + integrating was cheaper than just integrating commercial stuff Makes sense for everybody Customer Community Hans-Jürgen Schönig www.postgresql-support.de
  • 17. What we learn from this Have the guts and the conviction to do what is right Think for yourself Find solutions to YOUR problems Do not change your requirements just because some commercial vendor forces you to do so Benefit from Open Source Invest wisely Hans-Jürgen Schönig www.postgresql-support.de
  • 18. Where can we get the code? Our website has the code: http://www.cybertec.at/en/products/postgresql-instance- level-encryption/ It is under PostgreSQL license Hans-Jürgen Schönig www.postgresql-support.de
  • 20. Any questions? Feel free to ask Hans-Jürgen Schönig www.postgresql-support.de
  • 21. Contact us Cybertec Schönig & Schönig GmbH Email: office@cybertec.at Web: www.postgresql-support.de Follow us on Twitter: @PostgresSupport Hans-Jürgen Schönig www.postgresql-support.de