| From: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us>, Kai Wagner <kai(dot)wagner(at)percona(dot)com> |
| Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Ron Johnson <ronljohnsonjr(at)gmail(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Enquiry about TDE with PgSQL |
| Date: | 2025-10-31 15:21:18 |
| Message-ID: | df60c2f9-21df-4c04-a33c-5ae8ec74d431@aklaver.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 10/31/25 07:54, Bruce Momjian wrote:
> On Fri, Oct 31, 2025 at 03:01:48PM +0100, Kai Wagner wrote:
>> With the PCI DSS v4.1 standard, one key rule to comply with is, that "If PAN is
>
> Uh, I think you mean the 4.0.1 standard, which became active on January
> 1, 2025. I am surprised this is only being mentioned now:
> So it seems we have somewhat of a stand-off, with the Postgres project
> questioning the value of TDE and the PCI writers doubling-down on
> specifying disk-level encryption as insufficient.
Yeah, what I would like to know is how many of the data breaches
actually grab directly from the storage versus getting it through the
database or other software above the storage? It seems to me social
engineering plays a bigger role in this.
--
Adrian Klaver
adrian(dot)klaver(at)aklaver(dot)com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Greg Sabino Mullane | 2025-10-31 15:25:04 | Re: Enquiry about TDE with PgSQL |
| Previous Message | Bruce Momjian | 2025-10-31 14:54:16 | Re: Enquiry about TDE with PgSQL |