Re: PCI-DSS Requirements

We use PgBackRest to create encrypted backups, but the nature of pg_dump
means that the only way for them to be encrypted is to add that feature to
pg_dump.

On 9/22/22 01:16, Inzamam Shafiq wrote:
> Hi Ron,
>
> Thank you for the response.
>
> Actually we are in a starting phase and I have done instance level
> encryption (CYBERTECH TDE Patch) but if someone take dump and restore it
> on another server the data get restored successfully. Also the problem is
> that the data is in plain text.
>
> So I want to ask if disk or instance level encryption useful or we should
> focus on column level encryption?
>
> Also if any error occurred during DML and a plain query will be written
> into the logs which may not be compliant with PCI. How to overcome that?
>
> Thanks.
>
> Regards,
>
> /Inzamam Shafiq/
> /Sr. DBA/
> ----------------------------------------------------------------------------
> *From:* Ron <ronljohnsonjr(at)gmail(dot)com>
> *Sent:* Tuesday, September 20, 2022 10:44 PM
> *To:* pgsql-general(at)lists(dot)postgresql(dot)org <pgsql-general(at)lists(dot)postgresql(dot)org>
> *Subject:* Re: PCI-DSS Requirements
> On 9/20/22 04:27, Inzamam Shafiq wrote:
>>
>> Hi Team,
>>
>>
>> Anyone on PCI-DSS requirements for PostgreSQL DB, need help for some of
>> the points.
>>
>
> Can you be more specific?  (Typically. the auditors or the "audit
> pre-check" team will ask for a bunch of details on how your instance is
> configured.)
>
> The usual questions I get are:
> - What password hash algorithm is used?
> - How frequently to passwords expire?
> - Is SSL used when communicating with applications?
>
> --
> Angular momentum makes the world go 'round.

--
Angular momentum makes the world go 'round.