 password from the client.
  </para>

  <para>
    To prevent spoofing with GSSAPI, the server must be configured to accept
    only <literal>hostgssenc</literal> connections
    (<xref linkend="auth-pg-hba-conf"/>) and use <literal>gss</literal>
    authentication with them.  The TCP client must connect
    using <literal>gssencmode=require</literal>.
  </para>
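  <para>
   As an added check (example code, not part of PostgreSQL), the following
   Python script parses a <filename>pg_hba.conf</filename> and lists every
   TCP rule that does not meet the requirement above: anything other than
   <literal>hostgssenc</literal> with the <literal>gss</literal> method,
   except an explicit <literal>reject</literal>. The sample file, the host
   name in the client connection string and the
   <literal>EXAMPLE.COM</literal> realm are constructed for illustration;
   <literal>include</literal> directives are not handled.
  </para>

```python
"""Audit a pg_hba.conf against the rule above: every TCP rule must be of type
hostgssenc and use the gss method (an explicit reject rule is acceptable).
Added example, not PostgreSQL code; the sample file below is constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class HbaRule:
    line_no: int
    conn_type: str          # local, host, hostssl, hostnossl, hostgssenc, hostnogssenc
    database: str
    user: str
    address: str | None     # None for local rules; "ip mask" when a separate netmask is given
    method: str
    options: tuple[str, ...]


_ADDRESS_CHARS = re.compile(r"[0-9A-Fa-f.:]+")


def _looks_like_netmask(field: str) -> bool:
    # A separate netmask is an IPv4/IPv6 address; no auth method name contains '.' or ':'.
    return ("." in field or ":" in field) and _ADDRESS_CHARS.fullmatch(field) is not None


def parse_pg_hba(text: str) -> list[HbaRule]:
    """Parse the rules of a pg_hba.conf (comments and blank lines are skipped)."""
    rules: list[HbaRule] = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local":
            # local  DATABASE  USER  METHOD  [OPTIONS]
            if len(fields) < 4:
                raise ValueError(f"line {line_no}: incomplete local rule")
            rules.append(HbaRule(line_no, "local", fields[1], fields[2], None,
                                 fields[3], tuple(fields[4:])))
            continue
        # host*  DATABASE  USER  ADDRESS  [NETMASK]  METHOD  [OPTIONS]
        if len(fields) < 5:
            raise ValueError(f"line {line_no}: incomplete host rule")
        address, rest = fields[3], fields[4:]
        if _looks_like_netmask(rest[0]):
            address, rest = f"{address} {rest[0]}", rest[1:]
            if not rest:
                raise ValueError(f"line {line_no}: missing method")
        rules.append(HbaRule(line_no, fields[0], fields[1], fields[2], address,
                             rest[0], tuple(rest[1:])))
    return rules


def audit_tcp_rules(rules: list[HbaRule]) -> list[tuple[int, str]]:
    """Return (line_no, reason) for each TCP rule that would admit a connection
    that is not both GSSAPI-encrypted and GSSAPI-authenticated."""
    findings: list[tuple[int, str]] = []
    for r in rules:
        if r.conn_type == "local":
            continue            # Unix-domain sockets are not reachable over the network
        if r.method == "reject":
            continue            # explicitly rejecting is always acceptable
        if r.conn_type != "hostgssenc":
            findings.append((r.line_no,
                             f"type {r.conn_type} admits connections without GSSAPI encryption"))
        elif r.method != "gss":
            findings.append((r.line_no,
                             f"method {r.method} on a hostgssenc rule; gss is required"))
    return findings


# Constructed sample: only the first hostgssenc line satisfies the rule.
SAMPLE_PG_HBA = """\
# TYPE        DATABASE  USER  ADDRESS        METHOD         [OPTIONS]
local         all       all                  peer
hostgssenc    all       all   10.0.0.0/8     gss            include_realm=0 krb_realm=EXAMPLE.COM
host          all       all   10.0.0.0/8     scram-sha-256
hostnogssenc  all       all   0.0.0.0/0      md5
host          all       all   192.168.1.0    255.255.255.0  trust
hostgssenc    all       all   ::/0           scram-sha-256
host          all       all   0.0.0.0/0      reject
"""

# The client side of the same rule: refuse any connection that is not
# GSSAPI-encrypted (host name assumed for illustration).
CLIENT_CONNINFO = "host=db.example.com dbname=app user=alice gssencmode=require"

if __name__ == "__main__":
    for line_no, reason in audit_tcp_rules(parse_pg_hba(SAMPLE_PG_HBA)):
        print(f"pg_hba.conf:{line_no}: {reason}")
```

  <para>
   Because <filename>pg_hba.conf</filename> is matched top to bottom and the
   first matching rule wins, a permissive <literal>host</literal> rule placed
   before the <literal>hostgssenc</literal> rule is reported even though a
   stricter rule follows it.
  </para>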
 </sect1>

 <sect1 id="encryption-options">
  <title>Encryption Options</title>

  <indexterm zone="encryption-options">
   <primary>encryption</primary>
  </indexterm>

  <para>
   <productname>PostgreSQL</productname> offers encryption at several
   levels, and provides flexibility in protecting data from disclosure
   due to database server theft, unscrupulous administrators, and
   insecure networks. Encryption might also be required to secure
   sensitive data such as medical records or financial transactions.
  </para>

  <variablelist>

  <varlistentry>
   <term>Password Encryption</term>
   <listitem>

    <para>
     Database user passwords are stored as hashes (the hash type is
     determined by the setting <xref linkend="guc-password-encryption"/>),
     so the administrator cannot determine the actual password assigned to
     the user. If SCRAM or MD5 authentication is used, the plaintext
     password is never sent across the network and is never present on the
     server, not even temporarily: with MD5 the client hashes it before
     sending it, and with SCRAM the client proves knowledge of it without
     sending it at all. (The plaintext does reach the server when a password
     is set with an <literal>ALTER ROLE ... PASSWORD</literal> literal unless
     the client pre-hashes it, as <command>psql</command>'s
     <command>\password</command> does.) SCRAM is preferred, because it is
     an Internet standard and is more secure than the PostgreSQL-specific
     MD5 authentication protocol: the SCRAM verifier is salted and iterated,
     and unlike the stored MD5 hash it cannot by itself be used to
     authenticate as the user.
    </para>

    <warning>
     <para>
      Support for MD5-encrypted passwords is deprecated and will be removed in
      a future release of <productname>PostgreSQL</productname>.  Refer to
      <xref linkend="auth-password"/> for details about migrating to another
      password type.
     </para>
    </warning>
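    <para>
     The following Python example (added here; it is not PostgreSQL's own
     code) builds both kinds of verifier in the form stored in
     <structname>pg_authid</structname>.<structfield>rolpassword</structfield>
     and walks through the SCRAM proof check the server performs, which uses
     only the stored key. It also shows that the MD5 challenge response can
     be computed from the stored MD5 hash alone. It assumes an ASCII password
     (SASLprep normalisation is omitted) and uses a constructed
     <literal>AuthMessage</literal> in place of a real handshake.
    </para>

```python
"""Password verifiers as PostgreSQL stores them in pg_authid.rolpassword, and
the SCRAM-SHA-256 proof exchange that lets a client authenticate without the
server ever seeing the password.  Added example, not PostgreSQL's own code.
Assumptions: ASCII passwords (SASLprep omitted); the AuthMessage passed in by
the caller is constructed rather than taken from a real exchange."""
from __future__ import annotations

import base64
import hashlib
import hmac
import os

SCRAM_ITERATIONS = 4096   # PostgreSQL's default iteration count
SCRAM_SALT_LEN = 16       # bytes of salt PostgreSQL generates per password


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- MD5: "md5" + md5(password || username); the user name is the only salt ---

def md5_verifier(password: str, username: str) -> str:
    return "md5" + hashlib.md5((password + username).encode()).hexdigest()


def md5_auth_response(stored_verifier: str, challenge_salt: bytes) -> str:
    """What the client sends for MD5 authentication.  It is derived from the
    stored hash alone, so anyone who can read rolpassword can log in as the user."""
    inner_hex = stored_verifier[len("md5"):]
    return "md5" + hashlib.md5(inner_hex.encode() + challenge_salt).hexdigest()


# --- SCRAM-SHA-256: salted, iterated, and the stored keys cannot be replayed ---

def _scram_keys(password: str, salt: bytes, iterations: int) -> tuple[bytes, bytes, bytes]:
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, stored_key, server_key


def scram_verifier(password: str, salt: bytes | None = None,
                   iterations: int = SCRAM_ITERATIONS) -> str:
    """Stored form: SCRAM-SHA-256$<iterations>:<salt>$<StoredKey>:<ServerKey> (base64)."""
    salt = os.urandom(SCRAM_SALT_LEN) if salt is None else salt
    _, stored_key, server_key = _scram_keys(password, salt, iterations)
    b64 = lambda b: base64.b64encode(b).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"


def parse_scram_verifier(verifier: str) -> tuple[int, bytes, bytes, bytes]:
    scheme, params, keys = verifier.split("$")
    if scheme != "SCRAM-SHA-256":
        raise ValueError("not a SCRAM-SHA-256 verifier")
    iterations, salt = params.split(":")
    stored_key, server_key = keys.split(":")
    return (int(iterations), base64.b64decode(salt),
            base64.b64decode(stored_key), base64.b64decode(server_key))


def scram_client_proof(password: str, salt: bytes, iterations: int,
                       auth_message: bytes) -> bytes:
    """Client side: needs the password plus the salt/iterations the server announced."""
    client_key, stored_key, _ = _scram_keys(password, salt, iterations)
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, client_signature)


def scram_server_verify(verifier: str, auth_message: bytes, proof: bytes) -> bool:
    """Server side: recovers ClientKey from the proof and checks its hash against
    StoredKey.  Neither the password nor SaltedPassword is ever available here."""
    _, _, stored_key, _ = parse_scram_verifier(verifier)
    client_signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    recovered_client_key = _xor(proof, client_signature)
    return hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(), stored_key)


def scram_server_signature(verifier: str, auth_message: bytes) -> bytes:
    """Returned to the client, which compares it with HMAC(ServerKey, AuthMessage)
    to confirm the server really holds its verifier."""
    _, _, _, server_key = parse_scram_verifier(verifier)
    return hmac.new(server_key, auth_message, hashlib.sha256).digest()


if __name__ == "__main__":
    pw = "correct horse battery staple"
    verifier = scram_verifier(pw)
    iterations, salt, _, _ = parse_scram_verifier(verifier)
    # Constructed AuthMessage; in the protocol it is
    # client-first-bare "," server-first "," client-final-without-proof.
    auth_message = b"n=alice,r=cnonce,r=cnoncesnonce,s=...,i=4096,c=biws,r=cnoncesnonce"
    proof = scram_client_proof(pw, salt, iterations, auth_message)
    print("stored:", verifier)
    print("SCRAM proof accepted:", scram_server_verify(verifier, auth_message, proof))
    print("MD5 stored:", md5_verifier(pw, "alice"))
```

    <para>
     Roles whose <structfield>rolpassword</structfield> still begins with
     <literal>md5</literal> cannot be converted to SCRAM from the stored
     hash; their passwords must be set again after
     <xref linkend="guc-password-encryption"/> has been changed.
    </para>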

   </listitem>
  </varlistentry>

  <varlistentry>
   <term>Encryption For Specific Columns</term>

   <listitem>
    <para>
     The <xref linkend="pgcrypto"/> module allows certain fields to be
     stored encrypted.
     This is useful if only some of the data is sensitive.
     The client supplies the decryption key and the data is decrypted
     on the server and then sent to the client.
    </para>

    <para>
     The decrypted data and the decryption key are present on the server
     for a brief time while the data is being decrypted and exchanged with
     the client. This presents a brief moment where the data and keys can
     be intercepted by someone with complete access to the database server,
     such as the system administrator. A key passed in the SQL text can
     also be recorded by statement logging and is visible in
     <structname>pg_stat_activity</structname> while the query runs.
    </para>
   </listitem>
  </varlistentry>

  <varlistentry>
   <term>Data Partition Encryption</term>

   <listitem>
    <para>
     Storage encryption can be performed at the file system level or the
     block level.  Linux file system encryption options include eCryptfs
     and EncFS, while FreeBSD uses PEFS.  Block level or full disk
     encryption options include dm-crypt + LUKS on Linux and GEOM
     modules geli and gbde on FreeBSD.  Many other operating systems
     support this functionality, including Windows.
    </para>

    <para>
     This mechanism prevents unencrypted data from being read from the
     drives if the drives or the entire computer is stolen. It does not
     protect against attacks while the file system is mounted, because the
     operating system then presents an unencrypted view of the data to any
     process with the necessary file permissions. Mounting also requires
     some way of passing the encryption key to the operating system; if
     the key is stored on the host that mounts the disk (for example, to
     allow unattended reboots), stealing the whole computer yields the key
     along with the data.
    </para>
   </listitem>
  </varlistentry>

  <varlistentry>
   <term>Encrypting Data Across A Network</term>

    <listitem>
     <para>
      SSL connections encrypt all data sent across the network: the
      password, the queries, and the data returned. The
      <filename>pg_hba.conf</filename>
