I'm still trying to understand why you think someone can access old data but not current/live data. If you encrypt the live data, wouldn't that solve both concerns?

On Wed, Nov 18, 2015 at 4:38 PM, Adrian Klaver <adrian.kla...@aklaver.com> wrote:

> On 11/18/2015 01:34 PM, Andrew Sullivan wrote:
>
>> On Wed, Nov 18, 2015 at 03:22:44PM -0500, Tom Lane wrote:
>>
>>> It's quite unclear to me what threat model such a behavior would add
>>> useful protection against.
>>
>> If you had some sort of high-security database and deleted some data
>> from it, it's important for the threat modeller to know whether the
>> data is gone-as-in-overwritten or gone-as-in-marked-free. This is the
>> same reason they want to know whether a deleted file is actually just
>> unlinked on the disk.
>>
>> This doesn't mean one thing is better than another; just that, if
>> you're trying to understand what data could possibly be exfiltrated,
>> you need to know the state of all of it.
>>
>> For realistic cases, I expect that deleted data is usually more
>> important than updated data. But a threat modeller needs to
>> understand all these variables anyway.
>
> Alright, I was following you up to this. Seems to me deleted data would
> represent stale/old data and would be less valuable.
>
>> A
>
> --
> Adrian Klaver
> adrian.kla...@aklaver.com

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.