On 11/19/15 1:12 PM, Adrian Klaver wrote:
>Our app is doing the authentication based on the sensitive
>information retrieved from postgres tables.
>Our app zeros out its associated memory to the process when it is done
>with it. The developer was concerned about the
>breadcrumbs left in pos
On Thu, Nov 19, 2015 at 09:01:47AM -0600, Merlin Moncure wrote:
> It's quite a stretch to assume that HIPAA applies to internal garbage
> collection minutia.
It, of course, does.
Which is why applying your suggestion ...
> A much better way to look at compliance is to encrypt all sensitive
> de
On 11/19/2015 08:50 AM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 11:06 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 11:06 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/19/2015
On 11/19/2015 07:47 AM, Day, David wrote:
So what are you working on?
The document you link to starts with this:
"
Examples of network devices that are covered by requirements in this cPP include
routers, firewalls, VPN gateways, IDSs, and switches. ..."
So embedded devices. Not sure how
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Thursday, November 19, 2015 10:32 AM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/19/2015
tuples with sensitive data.
On 11/18/2015 12:57 PM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples
On Wed, Nov 18, 2015 at 3:49 PM, John McKown
wrote:
> Not necessarily. Think PHI or HIPAA information which was "erased" because
> you lost a customer. Or just something as "simple" as a name, address, and
> credit card number for someone. It's still important and useful to thieves
> if it is "era
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 4:05 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/18/2015
On 11/18/2015 01:51 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote:
Alright, I was following you up to this. Seems to me deleted data would
represent stale/old data and would be less valuable.
If the data that was deleted is sensitive, then the fact th
On 11/18/2015 01:49 PM, John McKown wrote:
On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver
mailto:adrian.kla...@aklaver.com>>wrote:
On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's quite unclear to me what thre
On 11/18/2015 01:46 PM, Michael Nolan wrote:
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
mailto:adrian.kla...@aklaver.com>> wrote:
Alright, I was following you up to this. Seems to me deleted data
would represent stale/old data and would be less valuable.
It may depend on WHY th
On Wed, Nov 18, 2015 at 04:46:11PM -0500, Melvin Davidson wrote:
> 'm still trying to understand why you think someone can access old data but
> not current/live data.
I don't. It's just another risk. When you're making a list of risks,
you need to list them all. It turns out that in Postgres,
On Wed, Nov 18, 2015 at 01:38:47PM -0800, Adrian Klaver wrote:
> Alright, I was following you up to this. Seems to me deleted data would
> represent stale/old data and would be less valuable.
If the data that was deleted is sensitive, then the fact that you
deleted it but that it didn't actually g
On Wed, Nov 18, 2015 at 3:38 PM, Adrian Klaver
wrote:
> On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
>
>> On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
>>
>>> It's quite unclear to me what threat model such a behavior would add
>>> useful protection against.
>>>
>>
>> If you had som
'm still trying to understand why you think someone can access old data but
not current/live data.
If you encrypt the live data, wouldn't that solve both concerns?
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
wrote:
> On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
>
>> On Wed, Nov 18, 2015 at
On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver
wrote:
>
>> Alright, I was following you up to this. Seems to me deleted data would
> represent stale/old data and would be less valuable.
>
>>
>>
It may depend on WHY the data was deleted. If it represented, say, Hillary
Clinton's deleted email, rec
On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
It's quite unclear to me what threat model such a behavior would add
useful protection against.
If you had some sort of high-security database and deleted some data
from it, it's important
On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
> It's quite unclear to me what threat model such a behavior would add
> useful protection against.
If you had some sort of high-security database and deleted some data
from it, it's important for the threat modeller to know whether the
dat
On 11/18/2015 12:57 PM, Day, David wrote:
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
-Original Message-
From: Adrian Klaver [mailto:adrian.kla...@aklaver.com]
Sent: Wednesday, November 18, 2015 3:47 PM
To: Day, David; pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead
tuples with sensitive data.
On 11/18/2015 11
On 11/18/2015 11:45 AM, Day, David wrote:
Hi,
One of my co-workers came out of a NIST cyber-security type meeting
today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres
On 11/18/2015 11:45 AM, Day, David wrote:
Hi,
One of my co-workers came out of a NIST cyber-security type meeting
today and asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres
On 11/18/2015 11:45 AM, Day, David wrote:
I believe the concern, based on my current understanding of
postgres inner workings, is that when a dead tuple is reclaimed by
vacuuming: Is that reclaimed space initialized in some fashion that
would shred any sensitive data that was formerly t
Alvaro Herrera writes:
> David G. Johnston wrote:
>> On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
>>> I believe the concern, based on my current understanding of postgres
>>> inner workings, is that when a dead tuple is reclaimed by vacuuming: Is
>>> that reclaimed space initialized
Which begs the question, what is more important, the old/vacuumed data, or
the current valid data?
If someone can hack into the freed data, then they certainly have the
ability to hack into the current valid data.
So ultimately, the best thing to do is to secure the system from being
hacked, not ze
David G. Johnston wrote:
> On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
> > I believe the concern, based on my current understanding of postgres
> > inner workings, is that when a dead tuple is reclaimed by vacuuming: Is
> > that reclaimed space initialized in some fashion that woul
On Wed, Nov 18, 2015 at 12:45 PM, Day, David wrote:
> Hi,
>
>
>
> One of my co-workers came out of a NIST cyber-security type meeting today
> and asked me to delve into postgres and zeroization.
>
>
>
> I am casually aware of mvcc issues and vacuuming
>
>
>
> I believe the concern, based on my
Hi,
One of my co-workers came out of a NIST cyber-security type meeting today and
asked me to delve into postgres and zeroization.
I am casually aware of mvcc issues and vacuuming
I believe the concern, based on my current understanding of postgres inner
workings, is that when a dead tup
29 matches
Mail list logo