
Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.


On 11/18/2015 01:49 PM, John McKown wrote:
On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver <adrian.klaver@xxxxxxxxxxx> wrote:

    On 11/18/2015 01:34 PM, Andrew Sullivan wrote:

        On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:

            It's quite unclear to me what threat model such a behavior
            would add useful protection against.


        If you had some sort of high-security database and deleted some data
        from it, it's important for the threat modeller to know whether the
        data is gone-as-in-overwritten or gone-as-in-marked-free.  This is
        the same reason they want to know whether a deleted file is actually
        just unlinked on the disk.

        This doesn't mean one thing is better than another; just that, if
        you're trying to understand what data could possibly be exfiltrated,
        you need to know the state of all of it.

        For realistic cases, I expect that deleted data is usually more
        important than updated data.  But a threat modeller needs to
        understand all these variables anyway.


    Alright, I was following you up to this. Seems to me deleted data
    would represent stale/old data and would be less valuable.


Not necessarily. Think PHI or HIPAA information which was "erased"
because you lost a customer. Or just something as "simple" as a name,
address, and credit card number for someone. It's still important and
useful to thieves if it is "erased". I can see a smaller company using PG
for accounting and billing information. But it really should be
encrypted. I often wonder how many "small" businesses actually do that.
I am truly ignorant on that point.

Well, from the large-scale leaks that have been reported, large companies/organizations are not doing it either. I have credit watch on my accounts courtesy of my health insurer (Premara), as they did not protect my information.


That's not even getting into government information that might be of
interest to others such as the FSB or even Wikileaks (regardless of
one's opinion of them). Of course, I don't really know if any government or
other "high security" industry is actually using PG for secure information.


    --
    Adrian Klaver
    adrian.klaver@xxxxxxxxxxx


--

Schrodinger's backup: The condition of any backup is unknown until a
restore is attempted.

Yoda of Borg, we are. Futile, resistance is, yes. Assimilated, you will be.

He's about as useful as a wax frying pan.

10 to the 12th power microphones = 1 Megaphone

Maranatha! <><
John McKown


--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


