| From: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
|---|---|
| To: | Douglas McNaught <doug(at)mcnaught(dot)org> |
| Cc: | "Hogan, James F(dot) Jr(dot)" <JHogan(at)seton(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, josh(at)agliodbs(dot)com, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: audit table containing Select statements submitted |
| Date: | 2006-05-15 19:17:18 |
| Message-ID: | 20060515191718.GD26212@pervasive.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, May 15, 2006 at 12:37:34PM -0400, Douglas McNaught wrote:
> "Jim C. Nasby" <jnasby(at)pervasive(dot)com> writes:
>
> > On Mon, May 15, 2006 at 10:55:43AM -0500, Hogan, James F. Jr. wrote:
> >> Only specific tables.
> >>
> >> Of the 150 plus existing there are only 8 or 10 that hold sensitive
> >> data.
> >
> > In that case I'd definately go with the suggestion of creating access
> > functions and logging to a table from within them. Just make sure to
> > mark the functions as volatile.
>
> But what if the user calls the access function, sees the data, then
> issues a ROLLBACK? The audit record would be rolled back as well (as
> Tom pointed out earlier).
>
> You could use dblink to log to a separate audit database, I suppose.
Ooops, forgot about that. Yeah, you'd have to use dblink. If it works
with pgpool performance might not be too horrid.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jim C. Nasby | 2006-05-15 19:29:25 | Re: Compression and on-disk sorting |
| Previous Message | Jeff Frost | 2006-05-15 18:52:41 | Re: does wal archiving block the current client connection? |