


Remember everything on the system is an object and once the reference to
that object is destroyed, there is not a way to access it without
extraordinary means. Single level storage will see that unassigned space
and start to use it reasonably soon unless the system is at near idle.

For 99.8% of users, once an object is destroyed, you can't get back to it.
Could a forensics team get to it? Maybe, but then that's extraordinary, is it
not?

DB/2 handles row data differently so you could have deleted rows that have
not yet been overwritten, regardless of whether you use the deleted records option or
not. The best way to clear those rows marked deleted is to reorganize the
file. That's not practical most of the time but it's the way to do it.

If you really need that level of security where temporary files are destroyed
once they are done being used (QTEMP) etc. then you need security level 50.
At one time it was certified by DoD as C2 compliant. I don't think IBM has
chosen to get it recertified since that time.

--
Jim Oberholtzer
Agile Technology Architects


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Charles Wilt
Sent: Tuesday, September 13, 2016 12:49 PM
To: Midrange Systems Technical Discussion
Subject: Re: IBM i data deletion

I'd assume the IFS works just like any other OS file system.

But the given answer, re-write with blanks before deleting, would be
applicable for both IFS and DB2.

You could also look at porting a version of "shred" to PASE or QSH.

Charles


On Tue, Sep 13, 2016 at 1:20 PM, Mike Cunningham <mike.cunningham@xxxxxxx>
wrote:

I know that in a Windows environment when you delete a file you really
just delete the directory entry that tells you the name of the file
and where it is on disk, and that the data in the file still exists at
that point and can be retrieved. Does the IFS on IBM i work the same
way, and if so, is there a way to actually overwrite the data space
associated with a file so it is unreadable? Same question for DB2. I
know when a record is deleted it's not really deleted because there are
utilities that can undelete a record. And that a RGZPFM gets rid of
deleted records, but even doing that, does it make all the deleted records
unreadable on disk?

This question is in relation to a PCI-DSS Requirement 3 that states
"Processes for secure deletion of data when no longer needed" and
applies to even data that is encrypted. Instead of just deleting
records from any database that has card holder data in it (encrypted)
should the first step be updating the card data in the record to
blanks first so the blanks are written to disk and then deleting the
record? That way even if someone was able to access a deleted record
the card data would not be there.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.
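
The overwrite-before-delete approach discussed in this thread (rewrite the data, then delete; a "shred"-style tool for PASE or QSH), shown as an added example that is not code from any of the posters. It assumes a POSIX shell with `dd`, `wc`, `sync` and `rm`, writes zeros rather than blanks, and the function names are hypothetical; whether an in-place overwrite reaches the same physical storage on the IFS is not established by the thread.

```shell
#!/bin/sh
# Added example: overwrite a stream file in place, then unlink it.
# Assumption: POSIX shell with dd, wc, sync and rm available.
# Assumption: the file system rewrites existing blocks in place; the thread
# does not confirm this for the IFS, so treat this as one layer, not a proof.

# overwrite_file PATH [PASSES]: overwrite every byte of PATH with zeros.
overwrite_file() {
    f=$1
    passes=${2:-1}
    # Refuse symlinks, directories and devices: only regular files are handled.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "overwrite_file: not a regular file: $f" >&2
        return 1
    fi
    size=$(wc -c < "$f" | tr -d ' ')
    # An empty file has no data space to overwrite.
    [ "$size" -gt 0 ] || return 0
    i=0
    while [ "$i" -lt "$passes" ]; do
        # conv=notrunc keeps the existing allocation instead of truncating
        # and reallocating. bs=1 keeps the byte count exact (slow on large
        # files, but it never grows the file).
        dd if=/dev/zero of="$f" bs=1 count="$size" conv=notrunc 2>/dev/null || return 1
        sync
        i=$((i + 1))
    done
}

# secure_delete PATH [PASSES]: overwrite first, then remove the directory entry.
secure_delete() {
    overwrite_file "$1" "${2:-1}" || return 1
    rm -f -- "$1"
}
```

For database rows the equivalent order is the one proposed in the original question: update the card data column to blanks, then delete the record, then reorganize the file.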




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
