On Fri, Oct 4, 2019 at 3:42 AM Stephen Frost <sfr...@snowman.net> wrote:
>
> > It doesn't seem like it would require
> > much work at all to construct an argument that a hacker might enjoy
> > having unfettered access to pg_clog even if no other part of the
> > database can be read.
>
> The question isn't about what hackers would like to have access to, it's
> about what would actually provide them with a channel to get information
> that's sensitive, and at what rate. Perhaps there's an argument to be
> made that clog would provide a high enough rate of information that
> could be used to glean sensitive information, but that's certainly not
> an argument that's been put forth, instead it's the knee-jerk reaction
> of "oh goodness, if anything isn't encrypted then hackers will be able
> to get access to everything" and that's just not a real argument.
>

Huh. That is *exactly* the argument I made. Though granted the example was on multixact primarily, because I think that is much more likely to leak interesting information, but the basis certainly applies to all the metadata.

--
Magnus Hagander
Me: https://www.hagander.net/ <http://www.hagander.net/>
Work: https://www.redpill-linpro.com/ <http://www.redpill-linpro.com/>