Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.

Поиск
Список
Период
Сортировка
От Adrian Klaver
Тема Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.
Дата
Msg-id 564E1F12.4020206@aklaver.com
обсуждение исходный текст
Ответ на Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.  ("Day, David" <dday@redcom.com>)
Ответы Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.  (Jim Nasby <Jim.Nasby@BlueTreble.com>)
Список pgsql-general
Дерево обсуждения 
On 11/19/2015 08:50 AM, Day, David wrote:
>
>
> -----Original Message-----
> From: Adrian Klaver [mailto:adrian.klaver@aklaver.com]
> Sent: Thursday, November 19, 2015 11:06 AM
> To: Day, David; pgsql-general@postgresql.org
> Subject: Re: [GENERAL] postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.
>
> On 11/19/2015 07:47 AM, Day, David wrote:
>>
>
>>
>> So what are you working on?
>>
>> The document you link to starts with this:
>> "
>> Examples of network devices that are covered by requirements in this cPP include routers, firewalls, VPN gateways,
IDSs,and switches. ..." 
>>
>> So embedded devices. Not sure how prevalent Postgres is in that area.
>>
>> Also the subsection you refer to seems to be talking only about memory, not storage which is where VACUUM FULL
works.That may be an overly fine distinction, but one that can be made. 
>>
>>
>>>
>>> Appreciate everyone's feedback.  This is perhaps a matter that can feed into future OS ( FreeBSD ) and/or Postgress
development.
>>>
>>>
>>> Regards
>>>
>>>
>>> Dave Day
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Adrian Klaver
>> adrian.klaver@aklaver.com
>>
>> Adrian
>>
>> Our app/development is a softswitch, (VoIP), and is considered a network appliance.
>> Postgres in general has been a joy to learn and aside from a a hiccup
>> with plperl and FreeBSD (9.8) that the discussion board helped me resolve some time ago, dependable and problem
free.
>
> I scanned the subsection you referred to, and before acronym fatigue set in, it seems to refer to in memory key
handlingduring device authentication. Is your Postgres instance doing that? 
>
>>
>> Dave

FYI, I appreciate the bottom posts, just a heads up though that you
probably want to put your reply above my signature line. I had to pull
it up to get my email client to see it on reply.

 >Our app is doing the authentication based on the  sensitive
 >information retrieved from postgres tables.
 >Our app zeros out its associated memory to the process when it is done
 >with it. The developer was concerned about the
 >breadcrumbs left in postgress volatile memory in satisfying the query.


Well VACUUM is not going to help there, it works on the data stored on disk.

Might want to take a look at this page:

http://www.postgresql.org/docs/9.4/static/wal-configuration.html


--
Adrian Klaver
adrian.klaver@aklaver.com

В списке pgsql-general по дате отправления:

Предыдущее
От: "Day, David"
Дата:
Сообщение: Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.
Следующее
От: Karsten Hilbert
Дата:
Сообщение: Re: postgres zeroization of dead tuples ? i.e scrubbing dead tuples with sensitive data.