| From: | "Day, David" <dday(at)redcom(dot)com> |
|---|---|
| To: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Date: | 2015-11-18 19:45:52 |
| Message-ID: | 401084E5E73F4241A44F3C9E6FD79428011E344888@exch-01 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
One of my co-workers came out of a NIST cyber-security type meeting today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres inner workings, is that when a dead tuple is reclaimed by vacuuming: Is that reclaimed space initialized in some fashion that would shred any sensitive data that was formerly there to any inspection by the subsequent owner of that disk page ? ( zeroization )
Not sure that is the exact question to ask but hopefully you get a feel for the requirement is not to leave any sensitive data laying about for
recovery by a hacker, or at least minimize the places it could be obtained without actually being able to log into postgres or having raw disk access privileges.
Thanks for any comments/instruction/links on the matter.
Regards
Dave Day
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2015-11-18 19:57:20 | Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. |
| Previous Message | Josh Berkus | 2015-11-18 18:38:17 | Indianapolis PostgreSQL Meetup |