Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.
| От | Adrian Klaver |
|---|---|
| Тема | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Дата | |
| Msg-id | 564CE3C7.7000203@aklaver.com обсуждение исходный текст |
| Ответ на | postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. ("Day, David" <dday@redcom.com>) |
| Ответы |
Re: postgres zeroization of dead tuples ? i.e scrubbing
dead tuples with sensitive data.
|
| Список | pgsql-general |
On 11/18/2015 11:45 AM, Day, David wrote: > Hi, > > One of my co-workers came out of a NIST cyber-security type meeting > today and asked me to delve into postgres and zeroization. > > I am casually aware of mvcc issues and vacuuming > > I believe the concern, based on my current understanding of postgres > inner workings, is that when a dead tuple is reclaimed by vacuuming: > Is that reclaimed space initialized in some fashion that would shred > any sensitive data that was formerly there to any inspection by the > subsequent owner of that disk page ? ( zeroization ) Got to thinking, are you talking about a physical machine or a VM/container on shared hosting? If the latter then it is a more generic problem of detritus left behind between creations of virtual instances or cross talk on shared storage. > > Not sure that is the exact question to ask but hopefully you get a feel > for the requirement is not to leave any sensitive data laying about for > > recovery by a hacker, or at least minimize the places it could be > obtained without actually being able to log into postgres or having raw > disk access privileges. > > Thanks for any comments/instruction/links on the matter. > > Regards > > Dave Day > -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: