1 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
2 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>18.8. Encryption Options</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing" /><link rel="next" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">18.8. Encryption Options</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><th width="60%" align="center">Chapter 18. Server Setup and Operation</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 18.0 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Next</a></td></tr></table><hr /></div><div class="sect1" id="ENCRYPTION-OPTIONS"><div class="titlepage"><div><div><h2 class="title" style="clear: both">18.8. Encryption Options <a href="#ENCRYPTION-OPTIONS" class="id_link">#</a></h2></div></div></div><a id="id-1.6.5.11.2" class="indexterm"></a><p>
3 <span class="productname">PostgreSQL</span> offers encryption at several
4 levels, and provides flexibility in protecting data from disclosure
5 due to database server theft, unscrupulous administrators, and
6 insecure networks. Encryption might also be required to secure
7 sensitive data such as medical records or financial transactions.
8 </p><div class="variablelist"><dl class="variablelist"><dt><span class="term">Password Encryption</span></dt><dd><p>
9 Database user passwords are stored as hashes (determined by the setting
10 <a class="xref" href="runtime-config-connection.html#GUC-PASSWORD-ENCRYPTION">password_encryption</a>), so the administrator cannot
11 determine the actual password assigned to the user. If SCRAM or MD5
12 encryption is used for client authentication, the unencrypted password is
13 never even temporarily present on the server because the client encrypts
14 it before being sent across the network. SCRAM is preferred, because it
15 is an Internet standard and is more secure than the PostgreSQL-specific
16 MD5 authentication protocol.
17 </p><div class="warning"><h3 class="title">Warning</h3><p>
18 Support for MD5-encrypted passwords is deprecated and will be removed in
19 a future release of <span class="productname">PostgreSQL</span>. Refer to
20 <a class="xref" href="auth-password.html" title="20.5. Password Authentication">Section 20.5</a> for details about migrating to another
22 </p></div></dd><dt><span class="term">Encryption For Specific Columns</span></dt><dd><p>
23 The <a class="xref" href="pgcrypto.html" title="F.26. pgcrypto — cryptographic functions">pgcrypto</a> module allows certain fields to be
25 This is useful if only some of the data is sensitive.
26 The client supplies the decryption key and the data is decrypted
27 on the server and then sent to the client.
29 The decrypted data and the decryption key are present on the
30 server for a brief time while it is being decrypted and
31 communicated between the client and server. This presents a brief
32 moment where the data and keys can be intercepted by someone with
33 complete access to the database server, such as the system
35 </p></dd><dt><span class="term">Data Partition Encryption</span></dt><dd><p>
36 Storage encryption can be performed at the file system level or the
37 block level. Linux file system encryption options include eCryptfs
38 and EncFS, while FreeBSD uses PEFS. Block level or full disk
39 encryption options include dm-crypt + LUKS on Linux and GEOM
40 modules geli and gbde on FreeBSD. Many other operating systems
41 support this functionality, including Windows.
43 This mechanism prevents unencrypted data from being read from the
44 drives if the drives or the entire computer is stolen. This does
45 not protect against attacks while the file system is mounted,
46 because when mounted, the operating system provides an unencrypted
47 view of the data. However, to mount the file system, you need some
48 way for the encryption key to be passed to the operating system,
49 and sometimes the key is stored somewhere on the host that mounts
51 </p></dd><dt><span class="term">Encrypting Data Across A Network</span></dt><dd><p>
52 SSL connections encrypt all data sent across the network: the
53 password, the queries, and the data returned. The
54 <code class="filename">pg_hba.conf</code> file allows administrators to specify
55 which hosts can use non-encrypted connections (<code class="literal">host</code>)
56 and which require SSL-encrypted connections
57 (<code class="literal">hostssl</code>). Also, clients can specify that they
58 connect to servers only via SSL.
60 GSSAPI-encrypted connections encrypt all data sent across the network,
61 including queries and data returned. (No password is sent across the
62 network.) The <code class="filename">pg_hba.conf</code> file allows
63 administrators to specify which hosts can use non-encrypted connections
64 (<code class="literal">host</code>) and which require GSSAPI-encrypted connections
65 (<code class="literal">hostgssenc</code>). Also, clients can specify that they
66 connect to servers only on GSSAPI-encrypted connections
67 (<code class="literal">gssencmode=require</code>).
69 <span class="application">Stunnel</span> or
70 <span class="application">SSH</span> can also be used to encrypt
72 </p></dd><dt><span class="term">SSL Host Authentication</span></dt><dd><p>
73 It is possible for both the client and server to provide SSL
74 certificates to each other. It takes some extra configuration
75 on each side, but this provides stronger verification of identity
76 than the mere use of passwords. It prevents a computer from
77 pretending to be the server just long enough to read the password
78 sent by the client. It also helps prevent <span class="quote">“<span class="quote">man in the middle</span>”</span>
79 attacks where a computer between the client and server pretends to
80 be the server and reads and passes all data between the client and
82 </p></dd><dt><span class="term">Client-Side Encryption</span></dt><dd><p>
83 If the system administrator for the server's machine cannot be trusted,
85 for the client to encrypt the data; this way, unencrypted data
86 never appears on the database server. Data is encrypted on the
87 client before being sent to the server, and database results have
88 to be decrypted on the client before being used.
89 </p></dd></dl></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="preventing-server-spoofing.html" title="18.7. Preventing Server Spoofing">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="runtime.html" title="Chapter 18. Server Setup and Operation">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="ssl-tcp.html" title="18.9. Secure TCP/IP Connections with SSL">Next</a></td></tr><tr><td width="40%" align="left" valign="top">18.7. Preventing Server Spoofing </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 18.0 Documentation">Home</a></td><td width="40%" align="right" valign="top"> 18.9. Secure TCP/IP Connections with SSL</td></tr></table></div></body></html>
begriffs.com / projects / ai-pg / blob