From: Bruce Momjian Date: Fri, 17 Jun 2005 16:46:45 +0000 (+0000) Subject: NetBSD uses "options" not "option". X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=7d397c5ed03152ee40ba39a6ceffbb7b31384ec7;p=users%2Fbernd%2Fpostgres.git NetBSD uses "options" not "option". --- diff --git a/doc/src/sgml/runtime.sgml b/doc/src/sgml/runtime.sgml index 8c4ae1684f..509bcfa624 100644 --- a/doc/src/sgml/runtime.sgml +++ b/doc/src/sgml/runtime.sgml @@ -2,10 +2,10 @@ $PostgreSQL$ --> - - Server Run-time Environment + + Server Run-time Environment - + This chapter discusses how to set up and run the database server and its interactions with the operating system. @@ -447,7 +447,7 @@ psql: could not connect to server: No such file or directory - Run-time Configuration + Run-time Configuration configuration @@ -1511,6 +1511,7 @@ SET ENABLE_SEQSCAN TO OFF; values are fsync (call fsync() at each commit), fdatasync (call fdatasync() at each commit), + fsync_writethrough (call _commit() at each commit on Windows), open_sync (write WAL files with open() option O_SYNC), and open_datasync (write WAL files with open() option O_DSYNC). Not all of these choices are available on all platforms. @@ -3873,8 +3874,8 @@ plruby.bar = true # generates error, unknown class name - Number of seconds between ARC reports. - If set greater than zero, emit ARC statistics to the log every so many + Number of seconds between buffer freelist reports. + If set greater than zero, emit freelist statistics to the log every so many seconds. Zero (the default) disables reporting. @@ -4374,8 +4375,7 @@ options SEMMNS=512 options SEMMNU=256 options SEMMAP=256 - (On NetBSD and OpenBSD the key word is actually + (On OpenBSD the key word is actually option singular.) @@ -4420,8 +4420,8 @@ options SEMMAP=256 proc file system (without reboot). For example, to allow 128 MB: -$ echo 134217728 >/proc/sys/kernel/shmall -$ echo 134217728 >/proc/sys/kernel/shmmax +$ echo 134217728 >/proc/sys/kernel/shmall +$ echo 134217728 >/proc/sys/kernel/shmmax You could put these commands into a script run at boot-time. @@ -4826,6 +4826,161 @@ $ kill -INT `head -1 /usr/local/pgsql/data/postmaster.pid` + + Encryption Options + + + encryption + + + + PostgreSQL offers encryption at several + levels, and provides flexibility in protecting data from disclosure + due to database server theft, unscrupulous administrators, and + insecure networks. Encryption might also be required by government + regulation, for example, for medical records or financial + transactions. + + + + + + Password Storage Encryption + + + + By default, database user passwords are stored as MD5 hashes, so + the administrator can not determine the actual password assigned + to the user. If MD5 encryption is used for client authentication, + the unencrypted password is never even temporarily present on the + server because the client MD5 encrypts it before being sent across + the network. MD5 is a one-way encryption --- there is no + decryption algorithm. + + + + + + Encryption For Specific Columns + + + + The /contrib function library + pgcrypto allows certain fields to be stored + encrypted. This is useful if only some of the data is sensitive. + The client supplies the decryption key and the data is decrypted + on the server and then sent to the client. + + + + The decrypted data and the decryption key are present on the + server for a brief time while it is being decrypted and + communicated between the client and server. This presents a brief + moment where the data and keys can be intercepted by someone with + complete access to the database server, such as the system + administrator. + + + + + + Data Partition Encryption + + + + On Linux, encryption can be layered on top of a filesystem mount + using a loopback device. This allows an entire + filesystem partition be encrypted on disk, and decrypted by the + operating system. On FreeBSD, the equivalent facility is called + GEOM Based Disk Encryption, or gbde. + + + + This mechanism prevents unecrypted data from being read from the + drives if the drives or the entire computer is stolen. This + mechanism does nothing to protect against attacks while the + filesystem is mounted, because when mounted, the operating system + provides a unencrypted view of the data. However, to mount the + filesystem, you need some way for the encryption key to be passed + to the operating system, and sometimes the key is stored somewhere + on the host that mounts the disk. + + + + + + Encrypting Passwords Across A Network + + + + The MD5 authentication method double-encrypts the + password on the client before sending it to the server. It first + MD5 encrypts it based on the user name, and then encrypts it + based on a random salt sent by the server when the database + connection was made. It is this double-encrypted value that is + sent over the network to the server. Double-encryption not only + prevents the password from being discovered, it also prevents + another connection from replaying the same double-encryption + value in a later connection. + + + + + + Encrypting Data Across A Network + + + + SSL connections encrypt all data sent across the network: the + password, the queries, and the data returned. The + pg_hba.conf file allows administrators to specify + which hosts can use non-encrypted connections (host) + and which require SSL-encrypted connections + (hostssl). Also, clients can specify that they + connect to servers only via SSL. Stunnel or + SSH can also be used to encrypt transmissions. + + + + + + SSL Host Authentication + + + + It is possible for both the client and server to provide SSL keys + or certificates to each other. It takes some extra configuration + on each side, but this provides stronger verification of identity + than the mere use of passwords. It prevent a computer from + pretending to be the server just long enough to read the password + send by the client. It also helps prevent 'man in the middle" + attacks where a computer between the client and server pretends to + be the server and reads and passes all data between the client and + server. + + + + + + Client-Side Encryption + + + + If the system administrator can not be trusted, it is necessary + for the client to encrypt the data; this way, unencrypted data + never appears on the database server. Data is encrypted on the + client before being sent to the server, and database results have + to be decrypted on the client before being used. Peter Wayner's + book, Translucent Databases, discusses how to + do this in considerable detail. + + + + + + + + Secure TCP/IP Connections with SSL @@ -4981,7 +5136,7 @@ psql -h localhost -p 3333 template1 - +