Search Postgresql Archives

Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



'm still trying to understand why you think someone can access old data but not current/live data.
If you encrypt the live data, wouldn't that solve both concerns?

On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:
On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's quite unclear to me what threat model such a behavior would add
useful protection against.

If you had some sort of high-security database and deleted some data
from it, it's important for the threat modeller to know whether the
data is gone-as-in-overwritten or gone-as-in-marked-free.  This is the
same reason they want to know whether a deleted file is actually just
unlinked on the disk.

This doesn't mean one thing is better than another; just that, if
you're trying to understand what data could possibly be exfiltrated,
you need to know the state of all of it.

For realistic cases, I expect that deleted data is usually more
important than updated data.  But a threat modeller needs to
understand all these variables anyway.

Alright, I was following you up to this. Seems to me deleted data would represent stale/old data and would be less valuable.

A



--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx



--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



--
Melvin Davidson
I reserve the right to fantasize.  Whether or not you
wish to share my fantasy is entirely up to you.


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux