Re: Enquiry about TDE with PgSQL

On 10/31/25 07:54, Bruce Momjian wrote:
> On Fri, Oct 31, 2025 at 03:01:48PM +0100, Kai Wagner wrote:

>> With the PCI DSS v4.1 standard, one key rule to comply with is, that "If PAN is
> 
> Uh, I think you mean the 4.0.1 standard, which became active on January
> 1, 2025.  I am surprised this is only being mentioned now:

> So it seems we have somewhat of a stand-off, with the Postgres project
> questioning the value of TDE and the PCI writers doubling-down on
> specifying disk-level encryption as insufficient.

Yeah, what I would like to know is how many of the data breaches 
actually grab directly from the storage versus getting it through the 
database or other software above the storage? It seems to me social 
engineering plays a bigger role in this.


-- 
Adrian Klaver
adrian.klaver@aklaver.com