On Wed, Oct 15, 2014 at 4:59 PM, Simon Riggs <si...@2ndquadrant.com> wrote:
> On 15 October 2014 20:41, Claudio Freire <klaussfre...@gmail.com> wrote:
>> On Sat, Oct 11, 2014 at 4:40 AM, Simon Riggs <si...@2ndquadrant.com> wrote:
>>> On 10 October 2014 16:45, Rod Taylor <rod.tay...@gmail.com> wrote:
>>> Redaction prevents accidental information loss only, forcing any loss
>>> that occurs to be explicit. It ensures that loss of information can be
>>> tied clearly back to an individual, like an ink packet that stains the
>>> fingers of a thief.
>>
>> That is not true.
>>
>> It can only be tied to a session. That's very far from an individual
>> in court terms, if you ask a lawyer.
>>
>> You need a helluva lot more to tie that to an individual.
>
> So you're familiar then with this process? So you know that an auditor
> would trigger an investigation, resulting in deeper surveillance and
> gathering of evidence that ends with various remedial actions, such as
> court. How would that process start then, if not this way?

I've seen lots of such investigations fail because the evidence wasn't strong enough to link to a particular person, but rather a computer terminal or something like that.

Unless you also physically restrict access to such terminal to a single person through other means (which is quite uncommon practice except perhaps in banks), that evidence is barely circumstantial.

But you'd have to ask a lawyer in your country to be sure. I can only speak for my own experiences in my own country which is probably not yours nor has the same laws. Law is a complex beast.

So, you really want actual information security in addition to that deterrent you speak of. I don't say the deterrent is bad, I only say it's not good enough on its own.

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers