Re: Enquiry about TDE with PgSQL
| От | Chris Travers |
|---|---|
| Тема | Re: Enquiry about TDE with PgSQL |
| Дата | |
| Msg-id | CAKt_ZfuwPgG_nJHp6S=8k_+NdA6Op7hE0z7+s4-HuBqr1cnwsg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Enquiry about TDE with PgSQL (Christophe Pettus <xof@thebuild.com>) |
| Ответы |
Re: Enquiry about TDE with PgSQL
|
| Список | pgsql-general |
I maintain that the way forward is to get TDE in core. Perhaps someone could pick up the previous patches and try to push them again
Best Wishes,
Chris Travers
On Sat, Nov 1, 2025, 8:36 AM Christophe Pettus <xof@thebuild.com> wrote:
On Oct 31, 2025, at 17:24, Clay Jackson (cjackson) <Clay.Jackson@quest.com> wrote:
>
> I can't disagree - but the question them becomes, as Markus and other have pointed out; would that allow a customer/user to check the "Encryption" box for PCI or any other "compliance review"
The answer is: it depends (doesn't it always?). Doing secure column-level encryption meets the PCI standard, and a competent PCI auditor will know that. However, TDE has this cache as being "the way one does it," and if the organization is that way, it's hard to move them off of it.
As a sign of how the PCI world views TDE, at least one of the major credit card associations does not use it, and they have literally everyone's credit card number, with expiration date and CVV, sitting on their disks.
В списке pgsql-general по дате отправления: