SQL server Question: Securely deleting records

Posts   
 
    
stoneyowl avatar
stoneyowl
User
Posts: 62
Joined: 29-Jan-2004
# Posted on: 23-Jun-2006 20:01:00   

One of my IT colleagues asked me if there was any way to PROVE that deleting a record from an SQL Server database would really remove it. IE: unlike a 'recyle bin' or file recovery techniques, can it be said that, when you delete a record from a table, then (maybe) reorganize indices, reclaim pages, etc, that that record is REALLY gone, without a chance of recovering it. This is some sort of sensitive data issue....

If anyone could point me to article(s), forum messages, etc. I would appreciate it...

stoneyowl avatar
stoneyowl
User
Posts: 62
Joined: 29-Jan-2004
# Posted on: 23-Jun-2006 21:19:18   

I did find one message thread in 'microsoft.public.sqlserver.programmnig' using the search word 'forensic' that implies that there is no way to PROVe that the data is unrecoverable. Oh, well disappointed

At least it is not my problem....

bertcord avatar
bertcord
User
Posts: 206
Joined: 01-Dec-2003
# Posted on: 24-Jun-2006 02:07:47   

do a search on DBCC PAGE you can use this utility to examine teh database pages

JimFoye avatar
JimFoye
User
Posts: 656
Joined: 22-Jun-2004
# Posted on: 24-Jun-2006 18:54:18   

The only person who could see it, if it could be recovered, would be an adminstrator. If you are concerned about what your dba sees, I'd say you have a problem anyway...

louthy
User
Posts: 61
Joined: 02-Aug-2005
# Posted on: 24-Jun-2006 19:28:51   

Could be for data protection issues, where by law you have to remove someone's information from your systems on-request. If the information doesn't actually go away, then you would be breaking the law I would have thought.

JimFoye avatar
JimFoye
User
Posts: 656
Joined: 22-Jun-2004
# Posted on: 24-Jun-2006 21:27:29   

I would think if you delete the records in the database you're complying with the law. Trying to get the actual bits of the HD seems excessive to me. Just my opinion...

stoneyowl avatar
stoneyowl
User
Posts: 62
Joined: 29-Jan-2004
# Posted on: 26-Jun-2006 14:44:30   

Bear in mind that this is part of the U.S. Army's mindset - they are not always reasonable in their (programming) demands (my personal opinion - I try to meet all requirements, it is just not easy sometimes). And, like I said, this time it is not my concern, the project belongs to a colleague, who has her own problems smile

Otis avatar
Otis
LLBLGen Pro Team
Posts: 39588
Joined: 17-Aug-2003
# Posted on: 26-Jun-2006 15:44:49   

It's a non-issue. A database system uses its own filesystem inside a large file. When a row is deleted, the row is removed from the 'file' which makes up a table (semantically speaking). This could still lead to data being present on a page, but it's no longer accessable.

Removing a file with content from the windows filesystem works more or less the same. Only if you re-pave the complete harddisk byte for byte you will be safe, otherwise the tools they use at forensic labs will easily re-create your files from the disk.

So unless you re-format the piece of harddisk that's occupied with the page the row was located on, you will still have the data on disk, no matter what you do.

Frans Bouma | Lead developer LLBLGen Pro
Walaa avatar
Walaa
Support Team
Posts: 14946
Joined: 21-Aug-2005
# Posted on: 26-Jun-2006 16:10:56   

It seems that Army's mindset is the same everywhere disappointed

but anyway, I think whenever the table has some inserts, the deleted rows will vanish forever.