Re: Enquiry about TDE with PgSQL

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Bruce Momjian <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: Adrian Klaver <[email protected]>
Cc: Kai Wagner <[email protected]>
Cc: Ron Johnson <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: Enquiry about TDE with PgSQL
Date: Fri, 31 Oct 2025 12:49:25 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CACgMzfwSDRF+kQr59h0-xGUobCeFZxwVzE_tUxF18DkVb+vuDQ@mail.gmail.com>
	<CAKAnmmKDCOdUT5JtJZz5papMO0zW1cnG4934d6aQVCQ_KdbUeg@mail.gmail.com>
	<CANzqJaA41CzNjkiQex+A0u9z11i6R3WQZJ+fkXfJO7VJwOMWzg@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<CAG0qCNhL=SEB4vc4v48PxN1F-t8htC463TpX7KDNWQ-s3s8dtA@mail.gmail.com>
	<[email protected]>
	<[email protected]>
	<[email protected]>

On Fri, Oct 31, 2025 at 05:40:31PM +0100, Laurenz Albe wrote:
> On Fri, 2025-10-31 at 08:21 -0700, Adrian Klaver wrote:
> > Yeah, what I would like to know is how many of the data breaches 
> > actually grab directly from the storage versus getting it through the 
> > database or other software above the storage? It seems to me social 
> > engineering plays a bigger role in this.
> 
> This is not about actual security considerations, it is about checkboxes.
> Consequently, rational arguments are missing the point.

I think the big question is that, now with the effective PCI spec
disallowing only storage-level encryption, can we, as a project,
continue to reject in-core TDE because it is a check-box item.

-- 
  Bruce Momjian  <[email protected]>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Do not let urgent matters crowd out time for investment in the future.

view thread (36+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Enquiry about TDE with PgSQL
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox