On Wed, Nov 18, 2015 at 04:46:11PM -0500, Melvin Davidson wrote: > 'm still trying to understand why you think someone can access old data but > not current/live data. I don't. It's just another risk. When you're making a list of risks, you need to list them all. It turns out that in Postgres, you have to worry about (1) data that's currently in the database and (2) some data that used to be there but isn't now. > If you encrypt the live data, wouldn't that solve both concerns? I have no idea, because I don't know what the theoretical risk to be mitigated is. It might, sure. The security profiler would still need to make a list of this fact and then ask how countermeasures mitigate it. Best regards, A -- Andrew Sullivan ajs@xxxxxxxxxxxxxxx -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
