| From: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
|---|---|
| To: | Claudio Freire <klaussfreire(at)gmail(dot)com> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Column Redaction |
| Date: | 2014-10-31 14:35:11 |
| Message-ID: | CA+U5nMKxx4hX12AhLn7LCqErhVOm9dfOCSt32cZFAC6xL+P0vQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 16 October 2014 01:29, Claudio Freire <klaussfreire(at)gmail(dot)com> wrote:
> But in any case, if the deterrence isn't enough, and you get attacked,
> anything involving redaction as fleshed out in the OP is good for
> nothing. The damage has been done already. The feature doesn't
> meaningfully slow down extraction of data, so anything you do can only
> punish the attacker, not prevent further data theft or damaged
> reputation/business.
Deterrence is exactly the goal.
"Only punishing the attacker" is exactly what this is for. This is not
the same thing as preventative security.
Redaction is designed to prevent authorized users from accidental
misuse. Your business already trusts these people. You know their
names, their addresses, their bank account details and you'll have
already run security scans on them.
--
Simon Riggs http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andres Freund | 2014-10-31 14:38:52 | Re: group locking: incomplete patch, just for discussion |
| Previous Message | Petr Jelinek | 2014-10-31 14:31:29 | Re: tracking commit timestamps |