| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
| Cc: | Damian Wolgast <damian(dot)wolgast(at)si-co(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Column Redaction |
| Date: | 2014-10-11 08:51:28 |
| Message-ID: | CA+U5nM+6xjj3gG---kqUyvQQKBmZ85F3H_b6Pp3DOM3qyy_-bQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10 October 2014 11:27, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> wrote:
> I googled for Oracle Data redaction, and found "General Usage guidelines":
>
>> General Usage Guidelines
>>
>> * Oracle Data Redaction is not intended to protect against attacks by
>> privileged database users who run ad hoc queries directly against the
>> database.
>>
>> * Oracle Data Redaction is not intended to protect against users who
>> run exhaustive SQL queries that attempt to determine the actual
>> values by inference.
>
>
> So it's not actually suitable for the example you gave. I don't think we
> want this feature...
The full quote I read is the following...
"Even though Oracle Data Redaction is not intended to protect against
attacks by database users who run ad hoc queries directly against the
database, it can hide sensitive data for these ad hoc query scenarios
when you couple it with other preventive and detective controls."
That full context would have been useful.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2014-10-11 13:07:46 | Re: orangutan seizes up during isolation-check |
| Previous Message | Peter Geoghegan | 2014-10-11 07:46:44 | Re: jsonb contains behaviour weirdness |