Optimizedb Considerations for Data at Rest Encryption
Note:
• When the optimizedb utility is used to create statistics for encrypted columns, the histogram cells will contain unencrypted (plain text) data. The histogram cells are statistical extracts and cannot be linked back to any particular row in the table (except when there is only a single table row). Nevertheless, depending on the nature of the data and your business, storing these plain text values in the statistics may be considered a security breach.
• By default, the optimizedb program skips encrypted columns, but they can be included by specifying the -ze flag. Alternatively, the -r (relation) and -a (attribute) flags can be used to specify exactly which tables and columns to include.
• You can verify which columns have had statistics generated for them with the statdump command.
• For Ingres Star databases, optimizedb cannot determine whether a column is encrypted. To exclude encrypted columns, use the -r and -a flags to specify the columns for which statistical data is gathered.
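The -r/-a allowlist approach described above can be generated from a column inventory rather than typed by hand. The following is an added example, not part of the original documentation: the database name `demodb`, the table and column names, and the three-field inventory format are constructed, and it assumes names are attached directly to the flags (`-rtable -acolumn`). It only prints the command line and does not run optimizedb.

```shell
#!/bin/sh
# Build an explicit optimizedb allowlist (-r/-a) that leaves out encrypted columns.
# Inventory format (constructed for this example): "table column encrypted", one per line,
# where encrypted is Y or N. Only rows marked exactly "N" are included, so a typo or a
# missing marking keeps the column out of the statistics run (fail closed).

# Constructed sample inventory; in practice this comes from your own schema records.
SAMPLE_INVENTORY='# table column encrypted
customer name N
customer ssn Y
customer city N
orders card_number Y
orders order_date N'

# $1 = database name, stdin = inventory lines.
# Prints one optimizedb command line; returns non-zero if no column qualifies,
# because a bare "optimizedb dbname" would not be restricted to an allowlist.
build_optimizedb_args() {
    awk -v db="$1" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        $3 == "N" {
            if (!($1 in seen)) { seen[$1] = 1; order[++n] = $1 }
            cols[$1] = cols[$1] " -a" $2         # group columns under their table
        }
        END {
            if (n == 0) exit 1                   # nothing safe to include
            out = "optimizedb " db
            for (i = 1; i <= n; i++) out = out " -r" order[i] cols[order[i]]
            print out
        }'
}

# Show the command that would be run for the sample inventory.
printf '%s\n' "$SAMPLE_INVENTORY" | build_optimizedb_args demodb
```

After running the generated command, use statdump as described above to confirm that no encrypted column has statistics.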