Re: Requirement PA-DSS 1.1.4 - Mailing list pgsql-general

From Peter J. Holzer
Subject Re: Requirement PA-DSS 1.1.4
Msg-id 20190608113654.btvuvkkwjzeh6j4t@hjp.at
In response to RE: Requirement PA-DSS 1.1.4  (Jan Bilek <jan.bilek@eftlab.com.au>)
List pgsql-general
On 2019-06-06 23:51:02 +0000, Jan Bilek wrote:
> Process For Managing Secure Data With PostgreSQL
[...]
> Another process running with permissions to access the underlying data is then
> running (probably running as postgres user):
>
>  1. Run the following forever:
>
>      a. Wait for pending_secure_erase to contain something
>
>      b. Foreach table_name, filename in pending_secure_erase
>
>          i. If filename exists use secure erase tool on the file such as the
>             shred app
>
>         ii. Drop table if exists table_name

Is this safe? You are overwriting the file while it still belongs to the
database. Renaming the table should have gotten rid of all transactions
accessing it, but what about the background writer or autovacuum? I'm
not convinced that nothing would access the file between i. and ii.

        hp

--
   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp@hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
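
An added illustration of the concern raised in the message above (not part of the original post, and not PostgreSQL code): a constructed simulation of the interleaving "overwrite, late write, drop", showing that a write landing between step i and step ii puts the data back into the file just before it is unlinked. Whether the background writer or autovacuum would actually do this is the open question in the message; `LateWriter`, `relfile`, the page size and the sample value are assumptions made for the simulation.

```python
import os
import tempfile

PAGE = 8192                   # page size chosen for this simulation
SECRET = b"4111111111111111"  # constructed sample value, not real data


def secure_overwrite(path):
    """Step i stand-in: overwrite the file in place with zeros and fsync."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        f.write(b"\0" * size)
        f.flush()
        os.fsync(f.fileno())


class LateWriter:
    """Hypothetical process that opened the file earlier and still holds
    a modified page in memory (the role the message asks about)."""

    def __init__(self, path):
        self.fd = os.open(path, os.O_RDWR)
        self.dirty_page = os.pread(self.fd, PAGE, 0)

    def flush(self):
        os.pwrite(self.fd, self.dirty_page, 0)
        os.fsync(self.fd)
        os.close(self.fd)


def erase_then_drop(late_write):
    """Run step i, optionally let the late writer flush, then step ii.
    Returns True if the secret was in the file when it was unlinked."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "relfile")  # hypothetical table data file
        with open(path, "wb") as f:
            f.write(SECRET.ljust(PAGE, b"\0"))
        writer = LateWriter(path)
        secure_overwrite(path)             # step i
        if late_write:
            writer.flush()                 # access between i. and ii.
        else:
            os.close(writer.fd)
        with open(path, "rb") as f:
            residue = SECRET in f.read()
        os.remove(path)                    # step ii stand-in (DROP TABLE)
        return residue
```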
