We use PgBackRest to create encrypted backups, but the nature of pg_dump
means that the only way for them to be encrypted is to add that feature to
pg_dump.
On 9/22/22 01:16, Inzamam Shafiq wrote:
Hi Ron,
Thank you for the response.
Actually we are in a starting phase and I have done instance level
encryption (CYBERTECH TDE Patch), but if someone takes a dump and restores it
on another server, the data gets restored successfully. Also, the problem is
that the data is in plain text.
So I want to ask: is disk or instance level encryption useful, or should we
focus on column level encryption?
Also, if any error occurs during DML, a plain query will be written
into the logs, which may not be compliant with PCI. How to overcome that?
Thanks.
Regards,
/Inzamam Shafiq/
/Sr. DBA/
----------------------------------------------------------------------------
*From:* Ron <ronljohnso...@gmail.com>
*Sent:* Tuesday, September 20, 2022 10:44 PM
*To:* pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
*Subject:* Re: PCI-DSS Requirements
On 9/20/22 04:27, Inzamam Shafiq wrote:
Hi Team,
Anyone on PCI-DSS requirements for PostgreSQL DB, need help for some of
the points.
Can you be more specific? (Typically, the auditors or the "audit
pre-check" team will ask for a bunch of details on how your instance is
configured.)
The usual questions I get are:
- What password hash algorithm is used?
- How frequently do passwords expire?
- Is SSL used when communicating with applications?
--
Angular momentum makes the world go 'round.
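
The three audit questions listed above can be answered from the server's own settings and catalogs. The queries below are an added example, not part of the original thread; they assume a superuser session (needed to read `pg_authid` and `pg_hba_file_rules`) on PostgreSQL 10 or later.

```sql
-- 1. Password hash algorithm.
-- Setting applied when a password is next set or changed:
SHOW password_encryption;

-- Algorithm each stored password verifier actually uses. Roles created
-- before the setting was changed keep their old hash until the password
-- is reset, so the two results can differ.
SELECT rolname,
       CASE
           WHEN rolpassword IS NULL               THEN 'no password'
           WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
           WHEN rolpassword LIKE 'md5%'            THEN 'md5'
           ELSE 'other'
       END AS stored_hash
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 2. Password expiry.
-- Expiry is per role (VALID UNTIL); a NULL or 'infinity' value means the
-- password never expires.
SELECT rolname,
       rolvaliduntil,
       CASE
           WHEN rolvaliduntil IS NULL
             OR rolvaliduntil = 'infinity' THEN 'never expires'
           WHEN rolvaliduntil < now()      THEN 'expired'
           ELSE 'valid'
       END AS expiry_status
FROM pg_roles
WHERE rolcanlogin
ORDER BY rolvaliduntil NULLS FIRST;

-- 3. SSL between applications and the server.
SHOW ssl;

-- pg_hba.conf rules that accept TCP connections without requiring SSL
-- ('host' matches both SSL and non-SSL; 'hostssl' requires SSL):
SELECT line_number, type, database, user_name, address, auth_method
FROM pg_hba_file_rules
WHERE type IN ('host', 'hostnossl');

-- Current TCP sessions and whether each one is actually encrypted:
SELECT a.usename, a.datname, a.client_addr, s.ssl, s.version, s.cipher
FROM pg_stat_activity a
JOIN pg_stat_ssl s USING (pid)
WHERE a.client_addr IS NOT NULL
ORDER BY s.ssl, a.usename;
```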