Re: Column Redaction
| From | Rod Taylor |
|---|---|
| Subject | Re: Column Redaction |
| Date | |
| Msg-id | CAKddOFCgoh85EPYVm9O0Z6_SgejJEWpU0ogObSkp-WjHk+r9WQ@mail.gmail.com |
| In reply to | Re: Column Redaction (Stephen Frost <sfrost@snowman.net>) |
| Responses | Re: Column Redaction; Re: Column Redaction |
| List | pgsql-hackers |
On Fri, Oct 10, 2014 at 10:56 AM, Stephen Frost <sfrost@snowman.net> wrote:
* Thom Brown (thom@linux.com) wrote:
> On 10 October 2014 12:45, Stephen Frost <sfrost@snowman.net> wrote:
> >> There's a difference between intending that there shouldn't be a way
> >> past security and just making access a matter of walking a longer
> >> route.
> >
> > Throwing random 16-digit numbers and associated information at a credit
> > card processor could be viewed as "walking a longer route" too. The
> > same goes for random key searches or password guesses.
>
> But those would need to be exhaustive, and in nearly all cases,
> impractical.
That would be exactly the idea with this- we make it impractical to get
at the unredacted information.
For fun I gave the search a try.
create table cards (id serial, cc bigint);
insert into cards (cc)
    SELECT CAST(random() * 9999999999999999 AS bigint) FROM generate_series(1,10000);

\timing on

WITH RECURSIVE t(id, range_min, range_max) AS (
    SELECT id, 1::bigint, 9999999999999999 FROM cards
  UNION ALL
    SELECT id
         , CASE WHEN cc >= range_avg THEN range_avg ELSE range_min END
         , CASE WHEN cc <= range_avg THEN range_avg ELSE range_max END
      FROM (SELECT id, (range_min + range_max) / 2 AS range_avg, range_min, range_max
              FROM t
           ) AS t_avg
      JOIN cards USING (id)
     WHERE range_min != range_max
)
SELECT id, range_min AS cc FROM t WHERE range_min = range_max;
On my laptop I can pull all 10,000 card numbers in less than 1 second. For a text-based item I don't imagine it would be much different. Numbers are pretty easy to work with though.
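The defensive counterpart to the search above, added here as an illustration and not part of the thread: masking in a view owned by a privileged role, with no grant on the base table, leaves the reader nothing to compare against, so there is no raw column for a WHERE-clause bisection to walk. The role name `analyst`, the view name and the sample card numbers are assumptions.

```sql
-- Constructed example: same cards table as the thread, two made-up numbers.
CREATE TABLE cards (id serial PRIMARY KEY, cc bigint NOT NULL);
INSERT INTO cards (cc) VALUES (4111111111111111), (5500000000000004);

CREATE ROLE analyst NOLOGIN;

-- The mask is computed inside the view; the raw cc value never becomes a
-- column the caller can name, so it cannot appear in a predicate.
CREATE VIEW cards_masked AS
SELECT id,
       repeat('*', 12) || right(lpad(cc::text, 16, '0'), 4) AS cc_masked
FROM cards;

-- Privilege checks on the view run as the view owner, so the analyst
-- needs SELECT on the view only and must have nothing on the base table.
REVOKE ALL ON cards FROM PUBLIC;
GRANT SELECT ON cards_masked TO analyst;

-- What the analyst sees and can filter on:
SET ROLE analyst;
SELECT * FROM cards_masked;            -- id | ************1111 / ************0004
SELECT id FROM cards_masked
 WHERE cc_masked LIKE '%1111';         -- predicate sees only the masked string
SELECT id FROM cards_masked
 WHERE cc > 5000000000000000;          -- ERROR: column "cc" does not exist
SELECT id FROM cards
 WHERE cc > 5000000000000000;          -- ERROR: permission denied
RESET ROLE;
```

The last four digits are still disclosed by the mask itself, so the view only holds for whatever the mask is designed to leave visible; a view that also filters rows should add WITH (security_barrier) so user predicates cannot run before the view's own qualifiers.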