| From: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
| Cc: | "Day, David" <dday(at)redcom(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Date: | 2015-11-18 20:13:56 |
| Message-ID: | 20151118201356.GH614468@alvherre.pgsql |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
David G. Johnston wrote:
> On Wed, Nov 18, 2015 at 12:45 PM, Day, David <dday(at)redcom(dot)com> wrote:
> > I believe the concern, based on my current understanding of postgres
> > inner workings, is that when a dead tuple is reclaimed by vacuuming: Is
> > that reclaimed space initialized in some fashion that would shred any
> > sensitive data that was formerly there to any inspection by the
> > subsequent owner of that disk page ? ( zeroization )
No. Ultimately, space occupied by dead tuples is "freed" in
PageRepairFragmentation(), src/backend/storage/page/bufpage.c;
the contents of the tuples are shuffled to "defragment" the free space,
but the free space is not zeroed. You could certainly try to read the
unused page and extract some data from there.
--
Álvaro Herrera http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Melvin Davidson | 2015-11-18 20:20:38 | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Previous Message | David G. Johnston | 2015-11-18 19:57:20 | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |