On 11/19/15 1:12 PM, Adrian Klaver wrote:
>Our app is doing the authentication based on the sensitive
>information retrieved from postgres tables.
>Our app zeros out its associated memory to the process when it is done
>with it. The developer was concerned about the
>breadcrumbs left in
On Thu, Nov 19, 2015 at 09:01:47AM -0600, Merlin Moncure wrote:
> It's quite a stretch to assume that HIPAA applies to internal garbage
> collection minutia.
It, of course, does.
Which is why applying your suggestion ...
> A much better way to look at compliance is to encrypt all sensitive
>
On 11/19/2015 08:50 AM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 11:06 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
On 11/19/2015 07:01 AM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 4:05 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 10:32 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/19/2015
On 11/19/2015 07:47 AM, Day, David wrote:
So what are you working on?
The document you link to starts with this:
"
Examples of network devices that are covered by requirements in this cPP include
routers, firewalls, VPN gateways, IDSs, and switches. ..."
So embedded devices. Not sure how
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 4:05 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/18/2015
On Wed, Nov 18, 2015 at 3:49 PM, John McKown
wrote:
> Not necessarily. Think PHI or HIPAA information which was "erased" because
> you lost a customer. Or just something as "simple" as a name, address, and
> credit card number for someone. It's still important and
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 11:06 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/19/2015
Hi,
One of my co-workers came out of a NIST cyber-security type meeting today and
asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres inner
workings, is that when a dead
On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
> Hi,
>
>
>
> One of my co-workers came out of a NIST cyber-security type meeting today
> and asked me to delve into postgres and zeroization.
>
>
>
> I am casually aware of mvcc issues and vacuuming
>
>
>
> I believe the
On 11/18/2015 11:45 AM, Day, David wrote:
I believe the concern, based on my current understanding of
postgres inner workings, is that when a dead tuple is reclaimed by
vacuuming: Is that reclaimed space initialized in some fashion that
would shred any sensitive data that was formerly
On 11/18/2015 11:45 AM, Day, David wrote:
Hi,
One of my co-workers came out of a NIST cyber-security type meeting
today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of
On 11/18/2015 11:45 AM, Day, David wrote:
Hi,
One of my co-workers came out of a NIST cyber-security type meeting
today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/18/2015 11
David G. Johnston wrote:
> On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
> > I believe the concern, based on my current understanding of postgres
> > inner workings, is that when a dead tuple is reclaimed by vacuuming: Is
> > that reclaimed space initialized in some
Which begs the question, what is more important, the old/vacuumed data, or
the current valid data?
If someone can hack into the freed data, then they certainly have the
ability to hack into the current valid data.
So ultimately, the best thing to do is to secure the system from being
hacked, not
Alvaro Herrera writes:
> David G. Johnston wrote:
>> On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
>>> I believe the concern, based on my current understanding of postgres
>>> inner workings, is that when a dead tuple is reclaimed by
On Wed, Nov 18, 2015 at 04:46:11PM -0500, Melvin Davidson wrote:
> 'm still trying to understand why you think someone can access old data but
> not current/live data.
I don't. It's just another risk. When you're making a list of risks,
you need to list them all. It turns out that in Postgres,
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
> It's quite unclear to me what threat model such a behavior would add
> useful protection against.
If you had some sort of high-security database and deleted some data
from it, it's important for the threat modeller to know whether the
On 11/18/2015 01:46 PM, Michael Nolan wrote:
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
> wrote:
Alright, I was following you up to this. Seems to me deleted data
would represent stale/old data and would be less
On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote:
> Alright, I was following you up to this. Seems to me deleted data would
> represent stale/old data and would be less valuable.
If the data that was deleted is sensitive, then the fact that you
deleted it but that it didn't actually
On 11/18/2015 01:49 PM, John McKown wrote:
On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver
>wrote:
On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's
On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's quite unclear to me what threat model such a behavior would add
useful protection against.
If you had some sort of high-security database and deleted some data
from it, it's important
'm still trying to understand why you think someone can access old data but
not current/live data.
If you encrypt the live data, wouldn't that solve both concerns?
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
wrote:
> On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
>
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
wrote:
>
>> Alright, I was following you up to this. Seems to me deleted data would
> represent stale/old data and would be less valuable.
>
>>
>>
It may depend on WHY the data was deleted. If it represented, say, Hillary
On 11/18/2015 01:51 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote:
Alright, I was following you up to this. Seems to me deleted data would
represent stale/old data and would be less valuable.
If the data that was deleted is sensitive, then the fact
On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver
wrote:
> On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
>
>> On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
>>
>>> It's quite unclear to me what threat model such a behavior would add
>>> useful protection
On 11/18/2015 12:57 PM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
29 matches
Mail list logo