On Mon, Nov 23, 2015 at 7:44 PM, Igor Fedotov <ifedotov@xxxxxxxxxxxx> wrote:
> Hi Gregory,
>
> On 23.11.2015 18:52, Gregory Farnum wrote:
>>
>> On Wed, Nov 18, 2015 at 8:42 AM, Igor Fedotov <ifedotov@xxxxxxxxxxxx>
>> wrote:
>>>
>>> Hi Cephers.
>>>
>>> Does Ceph have an ability to wipe object content during one's removal?
>>> Surely one can do that manually from the client but I think that's
>>> ineffective and not 100% secure.
>>>
>>> If no - what about adding such a feature to Ceph?
>>> I can start working on that.
>>
>> Wipe object content during removal of what? The OSD? Or are you
>> talking about secure erase of object data instead of unlinking files?
>
> I meant secure object removal.
>
>> I'm not sure if any of that is really more interesting than just
>> enabling disk encryption...
>> -Greg
>
> I agree that encryption is more secure but it consumes much more CPU
> resources.
>
> Thanks,
> Igor
>

Hi,

just wondering - do you have a complete security model where secure
erase is required, but data protection by itself is not important?
In any case, the immediate object wipeout is not fast - it could
consume tens of minutes or even hours after the actual erase command,
which actually negates the requirement of effective data
destruction. Commonly the erase procedure is required when media is
moved between different security access zones, which could be seen as
a lifecycle operation, and it does not depend on any software
functionality within those zones.