3

I'm dealing with having to store some payment card data. In order to be compliant with PCI DSS regulation, we have to purge the data from discs by not just deleting the file from the storage system, but also writing over the bytes with a random sequence of data to make it harder to recover the data.

I would like to be able to leverage a database for my storage needs, (for increased concurrency and simpler querying) however I can't find any way to purge individual records in this fashion.

Are there any known techniques for accomplishing this?

Paul Turner
  • 38,949
  • 15
  • 102
  • 166

1 Answers1

2

As far as I know about PCI DSS, secure wiping is required only for files stored in the filesystem. An RDBMS not necessarily maps data to the file system in a predictable way. What you can do (if you still want to "securely wipe information") is to

  1. Update all records that you want to delete
  2. Delete the data

Let's say you want to delete all records where PAN is 4444441234567890. You can write the following statements:

update card_data set PAN='0000000000000000' where PAN = '4444441234567890';
and then
delete card_data where PAN='0000000000000000';

Further, you might be interested in knowing about Transparent Data Encryption supported by both Oracle and SQL Server.

Jaywalker
  • 3,079
  • 3
  • 28
  • 44
  • in oracle, use the rowid to reference the record, and then you can update every column if needed, and then delete. – Randy Nov 29 '10 at 14:23
  • Tragically, I don't have a recent version of Oracle or SQL 2008 available, but TDE sounds very interesting and completely appropriate for this scenario. – Paul Turner Nov 29 '10 at 15:36
  • ...which makes a strong case to upgrade the DB – Jaywalker Nov 30 '10 at 09:54
  • TDE is best, overwriting existing data may not have the desired effect and clear-text data can be recoverable from many other places external to the row it lives on. http://www.cs.umass.edu/~miklau/pubs/sigmod2007LMS/stahlberg07forensicDB.pdf – Alex K. Nov 30 '10 at 10:31
  • What if the database has a log file, e.g. Postgres WAL? – Mike Dec 06 '10 at 15:56