Jimmer
Guest
Hello, I have started exploring TDE and was reading about its practicality and effectiveness. There's something I'm still missing, though.

I understood that network traffic to/from the db is not encrypted, TDE applying at the level of the physical files. And for that it uses a ks file. But the ks file is stored in the same location as the database (and thus exposed?), which means if I copy my database directory elsewhere, I would've kinda copied all the needed elements to access it, as the encryption is not bound to the server I'm running my db on.

Now assuming that manual start mode is used (since autostart mode is not really usable on sensitive data), the only thing preventing my access to the database is the password/passphrase? And can't a brute force approach be scripted to try and guess the password?

Overall I'm not trying to search for flaws; my main purpose is to understand how TDE will protect my database, and specifically, since it applies to physical files, how will it protect my database from people who already have physical access to it?

Thanks, and sorry for all the questions.

Regards,
JM