On 10 October 2014 16:45, Rod Taylor <rod.tay...@gmail.com> wrote:
> On my laptop I can pull all 10,000 card numbers in less than 1 second.

Right. Like I said: covert channels exist. Great example of how to exploit them, thanks. Cool SQL.

What could be the use of "a security feature that does not prevent security"?

As soon as you issue the above query, you have clearly indicated your intention to steal. Receiving information is no longer accidental, it is an explicit act that is logged in the auditing system against your name. This is sufficient to bury you in court and it is now a real deterrent. Redaction has worked.

Redaction is similar to a 3m high razor wire fence. The fence reminds you of what is correct and dissuades you from going further. The fence does not prevent access by a determined and skillful agent (Rod), but the CCTV cameras that are set out will record the action. It will be almost impossible to claim you were just walking your dog, and the wire cutters were a gift for your brother in law.

Redaction prevents accidental information loss only, forcing any loss that occurs to be explicit. It ensures that loss of information can be tied clearly back to an individual, like an ink packet that stains the fingers of a thief.

I don't have a word or pithy phrase for this concept. Maybe something related to "forcing their hand", flushing game into the open, or simply preventing "tipping your hand" and inadvertently allowing data loss.

Redaction clearly relies completely on auditing before it can have any additional effect. And the effectiveness of redaction needs to be understood next to Rod's example. Since it relies on auditing, we need to do that first.