[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postgresql-general
Subject:    Re: [HACKERS] Column Redaction
From:       Simon Riggs <simon () 2ndQuadrant ! com>
Date:       2014-10-31 14:35:11
Message-ID: CA+U5nMKxx4hX12AhLn7LCqErhVOm9dfOCSt32cZFAC6xL+P0vQ () mail ! gmail ! com
[Download RAW message or body]

On 16 October 2014 01:29, Claudio Freire <klaussfreire@gmail.com> wrote:

> But in any case, if the deterrence isn't enough, and you get attacked,
> anything involving redaction as fleshed out in the OP is good for
> nothing. The damage has been done already. The feature doesn't
> meaningfully slow down extraction of data, so anything you do can only
> punish the attacker, not prevent further data theft or damaged
> reputation/business.

Deterrence is exactly the goal.

"Only punishing the attacker" is exactly what this is for. This is not
the same thing as preventative security.

Redaction is designed to prevent authorized users from accidental
misuse. Your business already trusts these people. You know their
names, their addresses, their bank account details and you'll have
already run security scans on them.

-- 
 Simon Riggs                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services


-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
[prev in list] [next in list] [prev in thread] [next in thread]