Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

Which begs the question, what is more important, the old/vacuumed data, or
the current valid data?
If someone can hack into the freed data, then they certainly have the
ability to hack into the current valid data.
So ultimately, the best thing to do is to secure the system from being
hacked, not zero out old data.
AFAIK, the only time you need to zero out the bytes is when you are
decommissioning the disk, in which case ALL data on the disk needs to be
wiped.

On Wed, Nov 18, 2015 at 3:13 PM, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
wrote:

> David G. Johnston wrote:
> > On Wed, Nov 18, 2015 at 12:45 PM, Day, David <dday(at)redcom(dot)com> wrote:
>
> > > I believe the concern, based on my current understanding of
> postgres
> > > inner workings, is that when a dead tuple is reclaimed by
> vacuuming: Is
> > > that reclaimed space initialized in some fashion that would shred any
> > > sensitive data that was formerly there to any inspection by the
> > > subsequent owner of that disk page ? ( zeroization )
>
> No. Ultimately, space occupied by dead tuples is "freed" in
> PageRepairFragmentation(), src/backend/storage/page/bufpage.c;
> the contents of the tuples are shuffled to "defragment" the free space,
> but the free space is not zeroed. You could certainly try to read the
> unused page and extract some data from there.
>
> --
> Álvaro Herrera http://www.2ndQuadrant.com/
> PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general(at)postgresql(dot)org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.