| From: | Joe Conway <mail(at)joeconway(dot)com> |
|---|---|
| To: | Simon Riggs <simon(at)2ndQuadrant(dot)com>, Rod Taylor <rod(dot)taylor(at)gmail(dot)com> |
| Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Thom Brown <thom(at)linux(dot)com>, Damian Wolgast <damian(dot)wolgast(at)si-co(dot)net>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Claudio Freire <klaussfreire(at)gmail(dot)com> |
| Subject: | Re: Column Redaction |
| Date: | 2014-10-11 13:41:26 |
| Message-ID: | 54393386.8040607@joeconway.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10/11/2014 02:40 AM, Simon Riggs wrote:
> As soon as you issue the above query, you have clearly indicated
> your intention to steal. Receiving information is no longer
> accidental, it is an explicit act that is logged in the auditing
> system against your name. This is sufficient to bury you in court
> and it is now a real deterrent. Redaction has worked.
>
> Redaction is similar to a 3m high razor wire fence. The fence
> reminds you of what is correct and dissuades you from going
> further. The fence does not prevent access by a determined and
> skillful agent (Rod), but the CCTV cameras that are set out will
> record the action. It will be almost impossible to claim you were
> just walking your dog, and the wire cutters were a gift for your
> brother in law.
>
> Redaction prevents accidental information loss only, forcing any
> loss that occurs to be explicit. It ensures that loss of
> information can be tied clearly back to an individual, like an ink
> packet that stains the fingers of a thief.
>
> I don't have a word or pithy phrase for this concept. Maybe
> something related to "forcing their hand", flushing game into the
> open, or simply preventing "tipping your hand" and inadvertently
> allowing data loss.
>
> Redaction clearly relies completely on auditing before it can have
> any additional effect. And the effectiveness of redaction needs to
> be understood next to Rod's example.
>
> Since it relies on auditing, we need to do that first.
This is a really good summary. I definitely know of folks who would be
interested in this feature, but I also agree, as you have said, it
relies on a good audit trail.
Joe
- --
Joe Conway
credativ LLC: http://www.credativ.us
Linux, PostgreSQL, and general Open Source
Training, Service, Consulting, & 24x7 Support
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUOTOGAAoJEDfy90M199hlswcP/1qUtwvsb+a4hKqL3FsIIkmK
+2f5x+TRm1C5B04QhVa4A7iOr+lfzcoGChV2x2EwCqKJWNzwcpZfB/vBNv593KU4
/WZ+r0o0Hih69dE8gAS602xkrw8x3iAqcTzfyrfiE2O9yhYjoCmqqPls6PtgACc7
JI9pNiPRO+Sd2B308FaD70KkbnGDjMeFPgrxU7NRZwf0NG/bkDq28vSJl5QLg6DO
lFEtB1mMVWWmlnfTgw+zTXamxPJZTLK2Z38OBX3mjjD+64kEMjI5YQ39X8T9Ndfu
0dCA6KCqfCiy/ANETv0ScdoO/uiEQ6VfkbXy1lHK9sWDgu7HOwTPo4c0ft4tILDK
NIXvCYAFK0aPzuEVLFfwf6wm6BP7kuJ+42fY+VwMwCkt4DoQpLRJChIQzJ9ilmK2
suMSmC/sxHeRkLwRAo4uHyAzLZbectq3VC6Zdjlx35jdWG7We1katBoIU8MOC0sc
YFcUJRQk+PTxjp1fOPS7szDZulCMMXP4s0v07hiW5z6EaY82I9mJk6dnuk8eha16
3h4zBgbkM9hZhKLlbwLFSUKZrQdUklRJDXQhUuUqSIOQAU02zEKs2Pl0w1l+h5CY
cb0xPfvkIVPgrDMRfEhdbr+rh2jcEE4gQeuWNe0cexuyZiKI+Xc2MLscaeqIeBNJ
bEur+OvRj+wlnrYPGA80
=gTcG
-----END PGP SIGNATURE-----
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2014-10-11 13:43:55 | Re: Column Redaction |
| Previous Message | Amit Kapila | 2014-10-11 13:32:59 | Re: Wait free LW_SHARED acquisition - v0.9 |