On 11/18/2015 11:45 AM, Day, David wrote:
Hi,
One of my co-workers came out of a NIST cyber-security type meeting
today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres
inner workings, is that when a dead tuple is reclaimed by vacuuming:
Is that reclaimed space initialized in some fashion that would shred
any sensitive data that was formerly there to any inspection by the
subsequent owner of that disk page ? ( zeroization )
Got to thinking, are you talking about a physical machine or a
VM/container on shared hosting? If the latter then it is a more generic
problem of detritus left behind between creations of virtual instances
or cross talk on shared storage.
Not sure that is the exact question to ask but hopefully you get a feel
for the requirement is not to leave any sensitive data laying about for
recovery by a hacker, or at least minimize the places it could be
obtained without actually being able to log into postgres or having raw
disk access privileges.
Thanks for any comments/instruction/links on the matter.
Regards
Dave Day
--
Adrian Klaver
adrian.kla...@aklaver.com
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
