this post was submitted on 24 Feb 2026
468 points (99.6% liked)
Technology
81803 readers
4713 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
A lot of times encryption “at rest” is just encrypting the partition the DB is sitting on. There are options for encrypting the database when it’s in use, but if you don’t set up the right access controls the on-the-fly decryption can have it show up as plaintext.
The best option for this is to do the decryption/encryption in the application, so even if they get the DB credentials for the app user it’s still encrypted. One disadvantage is that you can’t do searches in the DB anymore.
Of course, all of these are in increasing level of difficulty and adding them after the fact becomes a more daunting task the longer you put it off.