| From: | Thom Brown <thom(at)linux(dot)com> |
|---|---|
| To: | Stephen Frost <sfrost(at)snowman(dot)net> |
| Cc: | Simon Riggs <simon(at)2ndquadrant(dot)com>, Damian Wolgast <damian(dot)wolgast(at)si-co(dot)net>, Heikki Linnakangas <hlinnakangas(at)vmware(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Column Redaction |
| Date: | 2014-10-10 12:28:01 |
| Message-ID: | CAA-aLv4wPj+uU-j613oFwPfURKWi4rjhRi3-YKFxDMysw8LSkg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 10 October 2014 12:45, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> >> This gives the vague impression of security, but it really seems just
>> >> the placing of a few obstacles in the way.
>> >
>> > One might consider that all security is just placing obstacles in the
>> > way.
>>
>> There's a difference between intending that there shouldn't be a way
>> past security and just making access a matter of walking a longer
>> route.
>
> Throwing random 16-digit numbers and associated information at a credit
> card processor could be viewed as "walking a longer route" too. The
> same goes for random key searches or password guesses.
But those would need to be exhaustive, and in nearly all cases,
impractical. Data such as plain credit card numbers stored in a
column, even with all its data masked, would be easy to determine.
Salted and hashed passwords, even with complete visibility of the
value, isn't vulnerable to scrutiny of particular character values.
If it were, no-one would use it.
Thom
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Simon Riggs | 2014-10-10 12:43:01 | Re: Column Redaction |
| Previous Message | Heikki Linnakangas | 2014-10-10 12:25:06 | Re: Column Redaction |