On 11/18/2015 11:45 AM, Day, David wrote:
Hi,

One of my co-workers came out of a NIST cyber-security type meeting today and asked me to delve into postgres and zeroization. I am casually aware of MVCC issues and vacuuming. I believe the concern, based on my current understanding of postgres inner workings, is that when a dead tuple is reclaimed by vacuuming: Is that reclaimed space initialized in some fashion that would shred any sensitive data that was formerly there to any inspection by the subsequent owner of that disk page? (zeroization)

Not sure that is the exact question to ask, but hopefully you get a feel for the requirement: not to leave any sensitive data lying about for recovery by a hacker, or at least minimize the places it could be obtained without actually being able to log into postgres or having raw disk access privileges.
Per Melvin's post, what makes the old pages any more valuable for hacking than the current pages?
Thanks for any comments/instruction/links on the matter.

Regards
Dave Day
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx