Re: [Proposal] Table-level Transparent Data Encryption (TDE) and Key Management Service (KMS)
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Masahiko Sawada <sawada.mshk@gmail.com>, Robert Haas
<robertmhaas@gmail.com>
Cc: Haribabu Kommi <kommi.haribabu@gmail.com>, "Moon, Insung" <Moon_Insung_i3@lab.ntt.co.jp>, Ibrar Ahmed <ibrar.ahmad@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2019-03-04T17:55:39Z
Lists: pgsql-hackers
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revamp the WAL record format.
- 2c03216d8311 9.5.0 cited
Masahiko Sawada wrote: > Why do people want to just encrypt everything? For satisfying some > security compliance? I'd say that TDE primarily protects you from masked ninjas that break into your server room and rip out the disks with your database on them. Or from people stealing your file system backups that you leave lying around in public. My guess is that this requirement almost always comes from security departments that don't know a lot about the typical security threats that databases face, or (worse) from lawmakers. And these are probably the people who will insist that *everything* is encrypted, even your commit log (unencrypted log? everyone can read the commits?). Yours, Laurenz Albe