
List:       postgresql-general
Subject:    Re: PCI-DSS Requirements
From:       Ron <ronljohnsonjr () gmail ! com>
Date:       2022-09-22 11:18:06
Message-ID: 9cc510a9-fb1b-bfaf-1f95-d118aa102f35 () gmail ! com

We use PgBackRest to create encrypted backups, but the nature of pg_dump 
means that the only way for them to be encrypted is to add that feature to 
pg_dump.

On 9/22/22 01:16, Inzamam Shafiq wrote:
> Hi Ron,
>
> Thank you for the response.
>
> Actually we are in a starting phase and I have done instance level 
> encryption (CYBERTEC TDE Patch) but if someone takes a dump and restores it 
> on another server, the data gets restored successfully. Also the problem is 
> that the data is in plain text.
>
> So I want to ask: is disk or instance level encryption useful, or should we 
> focus on column level encryption?
>
> Also, if any error occurs during DML, a plain query will be written 
> into the logs, which may not be compliant with PCI. How to overcome that?
>
> Thanks.
>
> Regards,
>
> /Inzamam Shafiq/
> /Sr. DBA/
> ----------------------------------------------------------------------------
> *From:* Ron <ronljohnsonjr@gmail.com>
> *Sent:* Tuesday, September 20, 2022 10:44 PM
> *To:* pgsql-general@lists.postgresql.org <pgsql-general@lists.postgresql.org>
> *Subject:* Re: PCI-DSS Requirements
> On 9/20/22 04:27, Inzamam Shafiq wrote:
>>
>> Hi Team,
>>
>>
>> Anyone on PCI-DSS requirements for PostgreSQL DB, need help for some of 
>> the points.
>>
>
> Can you be more specific?   (Typically, the auditors or the "audit 
> pre-check" team will ask for a bunch of details on how your instance is 
> configured.)
>
> The usual questions I get are:
> - What password hash algorithm is used?
> - How frequently do passwords expire?
> - Is SSL used when communicating with applications?
>
> -- 
> Angular momentum makes the world go 'round.

-- 
Angular momentum makes the world go 'round.
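
As an added example (not part of the original thread), these catalog queries collect the answers to the three auditor questions listed above and show the settings that decide whether a failing statement is written to the server log. It assumes a superuser session (needed to read pg_authid); the last query simply returns no row for a setting the running PostgreSQL version does not have.

```sql
-- 1. Password hash algorithm: what new passwords will be hashed with ...
SHOW password_encryption;

-- ... and what is actually stored for each login role today,
--     together with its expiry (question 2). NULL or 'infinity' in
--     rolvaliduntil means the password never expires.
SELECT rolname,
       CASE
           WHEN rolpassword IS NULL                 THEN 'no password'
           WHEN rolpassword LIKE 'SCRAM-SHA-256$%'  THEN 'scram-sha-256'
           WHEN rolpassword LIKE 'md5%'             THEN 'md5'
           ELSE 'other'
       END AS stored_hash,
       rolvaliduntil
FROM   pg_authid
WHERE  rolcanlogin
ORDER  BY rolname;

-- 3. SSL: is it enabled on the server ...
SHOW ssl;

-- ... and is each current remote client connection actually using it?
SELECT a.pid, a.usename, a.client_addr, s.ssl, s.version, s.cipher
FROM   pg_stat_activity a
JOIN   pg_stat_ssl s USING (pid)
WHERE  a.client_addr IS NOT NULL
ORDER  BY s.ssl, a.usename;

-- Logging: settings that control whether statement text (and bind
-- parameter values) can end up in the server log when a DML fails.
SELECT name, setting, source
FROM   pg_settings
WHERE  name IN ('log_statement',
                'log_min_error_statement',
                'log_min_duration_statement',
                'log_parameter_max_length',
                'log_parameter_max_length_on_error')
ORDER  BY name;
```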