Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/19/15 1:12 PM, Adrian Klaver wrote: >Our app is doing the authentication based on the sensitive >information retrieved from postgres tables. >Our app zeros out its associated memory to the process when it is done >with it. The developer was concerned about the >breadcrumbs left in

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Thu, Nov 19, 2015 at 09:01:47AM -0600, Merlin Moncure wrote: > It's quite a stretch to assume that HIPAA applies to internal garbage > collection minutia. It, of course, does. Which is why applying your suggestion ... > A much better way to look at compliance is to encrypt all sensitive >

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/19/2015 08:50 AM, Day, David wrote: -Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Thursday, November 19, 2015 11:06 AM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/19/2015 07:01 AM, Day, David wrote: -Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Wednesday, November 18, 2015 4:05 PM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

-Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Thursday, November 19, 2015 10:32 AM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. On 11/19/2015

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/19/2015 07:47 AM, Day, David wrote: So what are you working on? The document you link to starts with this: " Examples of network devices that are covered by requirements in this cPP include routers, firewalls, VPN gateways, IDSs, and switches. ..." So embedded devices. Not sure how

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

-Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Wednesday, November 18, 2015 4:05 PM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. On 11/18/2015

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 3:49 PM, John McKown wrote: > Not necessarily. Think PHI or HIPAA information which was "erased" because > you lost a customer. Or just something as "simple" as a name, address, and > credit card number for someone. It's still important and

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

-Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Thursday, November 19, 2015 11:06 AM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. On 11/19/2015

[GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

Hi, One of my co-workers came out of a NIST cyber-security type meeting today and asked me to delve into postgres and zeroization. I am casually aware of mvcc issues and vacuuming I believe the concern, based on my current understanding of postgres inner workings, is that when a dead

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote: > Hi, > > > > One of my co-workers came out of a NIST cyber-security type meeting today > and asked me to delve into postgres and zeroization. > > > > I am casually aware of mvcc issues and vacuuming > > > > I believe the

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 11:45 AM, Day, David wrote: I believe the concern, based on my current understanding of postgres inner workings, is that when a dead tuple is reclaimed by vacuuming: Is that reclaimed space initialized in some fashion that would shred any sensitive data that was formerly

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 11:45 AM, Day, David wrote: Hi, One of my co-workers came out of a NIST cyber-security type meeting today and asked me to delve into postgres and zeroization. I am casually aware of mvcc issues and vacuuming I believe the concern, based on my current understanding of

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 11:45 AM, Day, David wrote: Hi, One of my co-workers came out of a NIST cyber-security type meeting today and asked me to delve into postgres and zeroization. I am casually aware of mvcc issues and vacuuming I believe the concern, based on my current understanding of

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

-Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Wednesday, November 18, 2015 3:47 PM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data. On 11/18/2015 11

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

David G. Johnston wrote: > On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote: > > I believe the concern, based on my current understanding of postgres > > inner workings, is that when a dead tuple is reclaimed by vacuuming: Is > > that reclaimed space initialized in some

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

Which begs the question, what is more important, the old/vacuumed data, or the current valid data? If someone can hack into the freed data, then they certainly have the ability to hack into the current valid data. So ultimately, the best thing to do is to secure the system from being hacked, not

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

Alvaro Herrera writes: > David G. Johnston wrote: >> On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote: >>> I believe the concern, based on my current understanding of postgres >>> inner workings, is that when a dead tuple is reclaimed by

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 04:46:11PM -0500, Melvin Davidson wrote: > 'm still trying to understand why you think someone can access old data but > not current/live data. I don't. It's just another risk. When you're making a list of risks, you need to list them all. It turns out that in Postgres,

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote: > It's quite unclear to me what threat model such a behavior would add > useful protection against. If you had some sort of high-security database and deleted some data from it, it's important for the threat modeller to know whether the

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 01:46 PM, Michael Nolan wrote: On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver > wrote: Alright, I was following you up to this. Seems to me deleted data would represent stale/old data and would be less

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote: > Alright, I was following you up to this. Seems to me deleted data would > represent stale/old data and would be less valuable. If the data that was deleted is sensitive, then the fact that you deleted it but that it didn't actually

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 01:49 PM, John McKown wrote: On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver >wrote: On 11/18/2015 01:34 PM, Andrew Sullivan wrote: On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote: It's

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 01:34 PM, Andrew Sullivan wrote: On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote: It's quite unclear to me what threat model such a behavior would add useful protection against. If you had some sort of high-security database and deleted some data from it, it's important

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

'm still trying to understand why you think someone can access old data but not current/live data. If you encrypt the live data, wouldn't that solve both concerns? On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver wrote: > On 11/18/2015 01:34 PM, Andrew Sullivan wrote: >

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver wrote: > >> Alright, I was following you up to this. Seems to me deleted data would > represent stale/old data and would be less valuable. > >> >> It may depend on WHY the data was deleted. If it represented, say, Hillary

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 01:51 PM, Andrew Sullivan wrote: On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote: Alright, I was following you up to this. Seems to me deleted data would represent stale/old data and would be less valuable. If the data that was deleted is sensitive, then the fact

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver wrote: > On 11/18/2015 01:34 PM, Andrew Sullivan wrote: > >> On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote: >> >>> It's quite unclear to me what threat model such a behavior would add >>> useful protection

Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

On 11/18/2015 12:57 PM, Day, David wrote: -Original Message- From: Adrian Klaver [mailto:adrian.kla...@aklaver.com] Sent: Wednesday, November 18, 2015 3:47 PM To: Day, David; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead