Re: Transparent Data Encryption (TDE) and encrypted files

On Thu, Oct 03, 2019 at 11:58:55AM -0400, Stephen Frost wrote:
>Greetings,
>
>* Peter Eisentraut (peter(dot)eisentraut(at)2ndquadrant(dot)com) wrote:
>> On 2019-10-03 16:40, Stephen Frost wrote:
>> >> As others have said, that sounds wrong to me. I think you need to
>> >> encrypt everything.
>> > That isn't what other database systems do though and isn't what people
>> > actually asking for this feature are expecting to have or deal with.
>>
>> It is what some other database systems do. Perhaps some others don't.
>
>I looked at the contemporary databases and provided details about all of
>them earlier in the thread. Please feel free to review that and let me
>know if your research shows differently.
>

I assume you mean this (in one of the other threads):

https://www.postgresql.org/message-id/20190817175217.GE16436%40tamriel.snowman.net

FWIW I don't see anything contradicting the idea of just encrypting
everything (including vm, fsm etc.). The only case that seems to be an
exception is the column-level encryption in Oracle, all the other
options (especially the database-level ones) seem to be consistent with
this principle.

regards

--
Tomas Vondra http://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services