Re: Transparent Data Encryption (TDE) and encrypted files
| От | Magnus Hagander |
|---|---|
| Тема | Re: Transparent Data Encryption (TDE) and encrypted files |
| Дата | |
| Msg-id | CABUevEwfKjcgV=JpiwynLWx9vSkqEXofxwLqV_v5rdzZu7AzFA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Transparent Data Encryption (TDE) and encrypted files (Stephen Frost <sfrost@snowman.net>) |
| Ответы |
Re: Transparent Data Encryption (TDE) and encrypted files
|
| Список | pgsql-hackers |
On Fri, Oct 4, 2019 at 3:42 AM Stephen Frost <sfrost@snowman.net> wrote:
> It doesn't seem like it would require
> much work at all to construct an argument that a hacker might enjoy
> having unfettered access to pg_clog even if no other part of the
> database can be read.
The question isn't about what hackers would like to have access to, it's
about what would actually provide them with a channel to get information
that's sensitive, and at what rate. Perhaps there's an argument to be
made that clog would provide a high enough rate of information that
could be used to glean sensitive information, but that's certainly not
an argument that's been put forth, instead it's the knee-jerk reaction
of "oh goodness, if anything isn't encrypted then hackers will be able
to get access to everything" and that's just not a real argument.
Huh. That is *exactly* the argument I made. Though granted the example was on multixact primarily, because I think that is much more likely to leak interesting information, but the basis certainly applies to all the metadata.
В списке pgsql-hackers по дате отправления: