Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.
| От | Adrian Klaver |
|---|---|
| Тема | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Дата | |
| Msg-id | 564D11DD.5040209@aklaver.com обсуждение исходный текст |
| Ответ на | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. (John McKown <john.archie.mckown@gmail.com>) |
| Список | pgsql-general |
On 11/18/2015 01:49 PM, John McKown wrote: > On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver > <adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com>>wrote: > > On 11/18/2015 01:34 PM, Andrew Sullivan wrote: > > On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote: > > It's quite unclear to me what threat model such a behavior > would add > useful protection against. > > > If you had some sort of high-security database and deleted some data > from it, it's important for the threat modeller to know whether the > data is gone-as-in-overwritten or gone-as-in-marked-free. This > is the > same reason they want to know whether a deleted file is actually > just > unlinked on the disk. > > This doesn't mean one thing is better than another; just that, if > you're trying to understand what data could possibly be exfiltrated, > you need to know the state of all of it. > > For realistic cases, I expect that deleted data is usually more > important than updated data. But a threat modeller needs to > understand all these variables anyway. > > > Alright, I was following you up to this. Seems to me deleted data > would represent stale/old data and would be less valuable. > > > Not necessarily. Think PHI or HIPAA information which was "erased" > because you lost a customer. Or just something as "simple" as a name, > address, and credit card number for someone. It's still important and > useful to thieves if it is "erase". I can see a smaller company using PG > for accounting and billing information. But it really should be > encrypted. I often wonder how many "small" businesses actually do that. > I a truly ignorant on that point. Well from the large scale leaks that have been reported, large companies/organizations are not doing it either. I have credit watch on my accounts courtesy of my health insurer(Premara) as they did not protect my information. > > That's not even getting into government information that might be of > interest to others such as the FSB or even Wikileaks (regardless of > one's opinion them). Of course, I don't really know if any government or > other "high security" industry is actually using PG for secure information. > > > -- > Adrian Klaver > adrian.klaver@aklaver.com <mailto:adrian.klaver@aklaver.com> > > > -- > > Schrodinger's backup: The condition of any backup is unknown until a > restore is attempted. > > Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be. > > He's about as useful as a wax frying pan. > > 10 to the 12th power microphones = 1 Megaphone > > Maranatha! <>< > John McKown -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: