From: Tomas Vondra [mailto:tomas.vondra@2ndquadrant.com]
> Let me share some of the issues mentioned as possibly addressed by TDE
> (I'm not entirely sure TDE actually solves them, I'm just saying those
> were mentioned in previous discussions):
FYI, our product provides TDE like Oracle and SQL Server, which enables encryption per tablespace. Relations, WAL
recordsand temporary files related to encrypted tablespace are encrypted.
http://www.fujitsu.com/global/products/software/middleware/opensource/postgres/
(I wonder why the web site doesn't offer the online manual... I've recognized we need to fix this situation. Anyway, I
guessthe downloadable trial version includes the manual.)
> 1) enterprise requirement - Companies want in-database encryption, for
> various reasons (because "enterprise solution" or something).
To assist compliance with PCI DSS, HIPAA, etc.
> 2) like FDE, but OS/filesystem independent - Same config on any OS and
> filesystem, which may make maintenance easier.
>
> 3) does not require special OS/filesystem setup - Does not require help
> from system adminitrators, setup of LUKS devices or whatever.
>
> 4) all filesystem access (basebackups/rsync) is encrypted anyway
>
> 5) solves key management (the main challenge with pgcrypto)
>
> 6) allows encrypting only some of the data (tables, columns) to minimize
> performance impact
All yes.
> IMHO it makes sense to have TDE even if it provides the same "security"
> as disk-level encryption, assuming it's more convenient to setup/use
> from the database.
Agreed.
Regards
Takayuki Tsunakawa
