Re: Enquiry about TDE with PgSQL

From Greg Sabino Mullane
Subject Re: Enquiry about TDE with PgSQL
Date
Msg-id CAKAnmmKYP0DZpBhFXFBAbpkEkGt8g+MKOsSR=M+nKbvLZ8v89w@mail.gmail.com
In response to Re: Enquiry about TDE with PgSQL  (Bruce Momjian <bruce@momjian.us>)
Responses Re: Enquiry about TDE with PgSQL
Re: Enquiry about TDE with PgSQL
Re: Enquiry about TDE with PgSQL
List pgsql-general
On Fri, Oct 31, 2025 at 10:54 AM Bruce Momjian <bruce@momjian.us> wrote:
        Disk-level and partition-level encryption typically encrypts
        the entire disk or partition using the same key, with all data
        automatically decrypted when the system runs or when an authorized
-->     user requests it. For this reason, disk-level encryption is not
-->     appropriate to protect stored PAN on computers, laptops, servers,
        storage arrays, or any other system that provides transparent
        decryption upon user authentication.

Hmm, I read this a few times but still not sure what the technical objection is. Yes, the entire disk is encrypted with the same key, but why is that insufficient to protect things? Anyone care to guess what they are thinking here?

The biggest possible downside of this standoff is that enterprises that need to meet PCI compliance specifications are forced to use specialized versions of Postgres or Postgres extensions that support TDE.

Not always a downside for the companies selling those specialized versions though.

Cheers,
Greg

--
Enterprise Postgres Software Products & Tech Support
