Re: Column Redaction

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: Thom Brown <thom(at)linux(dot)com>
Cc: Simon Riggs <simon(at)2ndquadrant(dot)com>, Damian Wolgast <damian(dot)wolgast(at)si-co(dot)net>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Column Redaction
Date: 2014-10-10 11:45:46
Message-ID: 20141010114546.GE28859@tamriel.snowman.net
Lists: pgsql-hackers

* Thom Brown (thom(at)linux(dot)com) wrote:
> On 10 October 2014 12:00, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
> > The discussion about looking up specific card numbers in the original
> > email from Simon was actually an allowed use-case, as I understood it,
> > not a risk concern. Indeed, if you know a valid credit card number
> > already, as in this example, then why are you bothering with the search?
>
> The topic being "column redaction" rather than "column formatting"
> leads me to believe that the main use-case of the feature would be to
> prevent the user from discovering the full value of the column.

I believe the idea is to limit the chances that a user with limited
pre-existing knowledge would be able to determine the full value of
items in the column, especially in bulk.

> It's
> not so much point 1 I was responding to, rather point 3, where you
> don't know the card number, but you get information about it in the
> results.

We'd certainly want to prevent that to the limit possible. Do you have
a specific thought about how they'd be able to find a full number beyond
a random search..?

> The purpose of this feature would be to prevent the user
> from seeing all that data, which is a security feature, but at the
> moment it just seems to be a way of making it a little less easy to
> get at that data.

I certainly appreciate the thought challenges and critique and I'm
hopeful we could make it more than "a little less easy" to get at the
information. If we aren't able to do that, then the feature isn't
useful, certainly.

> >> This gives the vague impression of security, but it really seems just
> >> the placing of a few obstacles in the way.
> >
> > One might consider that all security is just placing obstacles in the
> > way.
>
> There's a difference between intending that there shouldn't be a way
> past security and just making access a matter of walking a longer
> route.

Throwing random 16-digit numbers and associated information at a credit
card processor could be viewed as "walking a longer route" too. The
same goes for random key searches or password guesses.

Thanks,

Stephen
