Alvaro Herrera <alvherre@2ndquadrant.com> writes:
> David G. Johnston wrote:
>> On Wed, Nov 18, 2015 at 12:45 PM, Day, David <dday@redcom.com> wrote:
>>> I believe the concern, based on my current understanding of postgres
>>> inner workings, is that when a dead tuple is reclaimed by vacuuming: Is
>>> that reclaimed space initialized in some fashion that would shred any
>>> sensitive data that was formerly there to any inspection by the
>>> subsequent owner of that disk page ? ( zeroization )
> No. Ultimately, space occupied by dead tuples is "freed" in
> PageRepairFragmentation(), src/backend/storage/page/bufpage.c;
> the contents of the tuples are shuffled to "defragment" the free space,
> but the free space is not zeroed. You could certainly try to read the
> unused page and extract some data from there.
It's quite unclear to me what threat model such a behavior would add
useful protection against.
regards, tom lane