Re: Enquiry about TDE with PgSQL
Bruce Momjian <bruce@momjian.us>
From: Bruce Momjian <bruce@momjian.us>
To: Laurenz Albe <laurenz.albe@cybertec.at>
Cc: Adrian Klaver <adrian.klaver@aklaver.com>, Kai Wagner <kai.wagner@percona.com>, Ron Johnson <ronljohnsonjr@gmail.com>, pgsql-general <pgsql-general@postgresql.org>
Date: 2025-10-31T16:49:25Z
Lists: pgsql-general
On Fri, Oct 31, 2025 at 05:40:31PM +0100, Laurenz Albe wrote: > On Fri, 2025-10-31 at 08:21 -0700, Adrian Klaver wrote: > > Yeah, what I would like to know is how many of the data breaches > > actually grab directly from the storage versus getting it through the > > database or other software above the storage? It seems to me social > > engineering plays a bigger role in this. > > This is not about actual security considerations, it is about checkboxes. > Consequently, rational arguments are missing the point. I think the big question is that, now with the effective PCI spec disallowing only storage-level encryption, can we, as a project, continue to reject in-core TDE because it is a check-box item. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Do not let urgent matters crowd out time for investment in the future.