Tom Lane <t...@sss.pgh.pa.us> wrote: > the "OMG Postgres exposes my information" crowd is not going to > distinguish leaks that only expose MCVs from those that trivially > allow sucking out the entire table. Well, I'd be in the crowd that would go "OMG" over one but not the other. At least in our case management software I can't think of any MCVs which would be a problem, while exposing entire tables would be a big problem. If you get the name, address, birth date, or even the social security number in isolation, it doesn't mean much. If you get all of those for one party, it does. I suppose that if you could find that a particular name was used somewhere in the Party table but it was not visible in the public record, you could guess that someone by that name (which is certainly not guaranteed to be unique!) was somehow involved in some role in a juvenile, mental commitment, adoption, sealed, or other confidential case -- but what role in what kind of case would still be a complete mystery, making it much less of a leak than the row in its entirety, much less the entire table (which could expose, for example, who adopted whom -- information not available from a single row). If you are arguing that the ability of someone to know that someone, somewhere, who has had contact with the Wisconsin court system has social security number 987-65-4321 is the same as knowing who has that social security number, and all the demographics about that person, you're dangerously mistaken. -Kevin
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
