[ https://issues.apache.org/jira/browse/HDFS-11357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15833838#comment-15833838 ]

Allen Wittenauer commented on HDFS-11357:
-----------------------------------------
It's probably worth pointing out this only works on non-COW file systems.

> Secure Delete
> -------------
>
> Key: HDFS-11357
> URL: https://issues.apache.org/jira/browse/HDFS-11357
> Project: Hadoop HDFS
> Issue Type: New Feature
> Reporter: Andrew Purtell
> Priority: Minor
> Attachments: 0001-HDFS-secure-delete.patch
>
>
> Occasionally for compliance or other legal/process reasons it is necessary to
> attest that data has been deleted in such a way that it cannot be retrieved
> even through low level forensics (for some reasonable definition of this that
> typically excludes the resources a state actor can bring to data recovery).
> HDFS at-rest encryption offers one way to achieve this, if the data keying
> strategy is highly granular. One simply "forgets" a key corresponding to a
> given set of files and the data becomes irretrievable. However if HDFS
> at-rest encryption is not enabled or a fine grained keying strategy is not
> possible, another simple strategy can be employed.
> The objective is to ensure once a block is deleted no trace of the data
> within the block exists on disk in unallocated regions, for all blocks,
> providing assurance deleted data cannot be recovered at any time through
> reasonable effort even with low level access.