Re: Auditing and Postgres 7.3

From: Justin Clift <justin(at)postgresql(dot)org>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Auditing and Postgres 7.3
Date: 2002-01-23 10:53:04
Message-ID: 3C4E9610.C9E8CB2C@postgresql.org
Lists: pgsql-hackers

Hi Gavin,

I can see the usefulness of this concept from a "Data Security" point of
view.

At one place I worked, it was known one of the marketing people had a
reputation of gathering customer details before leaving a job, just so
he had something to bargain a pay increase with for his next job.  Don't
know why people hire a guy like that (I wouldn't), but these people
exist.

It should definitely be optional, and if not turned on for an object I
don't think it should have an associated noticeable performance penalty.

My thought is useful, but not sure how urgent when compared to other
improvements.

:)

+ Justin


Gavin Sherry wrote:
> 
> Hi all,
> 
> I've been thinking about implementing auditing for Postgres 7.3 and wanted to
> see if anyone had any thoughts about it.
> 
> Auditing would allow a user to log queries executed upon different
> 'schema' objects - I use the loose sense of the word here. The user would
> be able to define the type of query - insert, delete, etc - as well as
> choose to log only those queries which were successful or otherwise.
> 
> The superuser would be able to audit unprivileged users. Unprivileged
> users would only be able to produce an audit trail upon objects which
> he/she owns or has been granted audit privileges to.
> 
> The audit trail would be written either to a new internal system table,
> pg_audit, or optionally a file on the file system. I imagine that an
> external program would also be needed to read/dump the audit trail.
> 
> So what would an audit trail consist of?
> 
> timestamp
> query type
> query
> query result (successful|unsuccessful)
> audit object oid
> 
> I haven't really thought about this too hard just yet but thought I'd see
> if people considered this to be a useful addition to Postgres or not, or
> if I was going about this the wrong way.
> 
> Gavin
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
   - Indira Gandhi
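
The audit rules proposed in the quoted message, together with the requirement that objects without auditing turned on pay almost nothing, modelled as an added Python example; it is not part of either message and not PostgreSQL code. The `Auditor` and `AuditRule` names are hypothetical, and the oids, users and queries are constructed sample data.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

@dataclass(frozen=True)
class AuditRule:
    object_oid: int
    query_types: frozenset        # e.g. frozenset({"insert", "delete"})
    outcome: str = "any"          # "successful", "unsuccessful" or "any"

@dataclass
class Auditor:
    owners: dict                  # object oid -> owner name
    superusers: set
    grants: set = field(default_factory=set)    # (user, oid) audit privileges
    rules: dict = field(default_factory=dict)   # oid -> [AuditRule]
    trail: list = field(default_factory=list)

    def add_rule(self, user, rule):
        # Superusers audit anything; others only objects they own or
        # have been granted audit privileges on.
        oid = rule.object_oid
        if not (user in self.superusers or self.owners.get(oid) == user
                or (user, oid) in self.grants):
            raise PermissionError(f"{user} may not audit object {oid}")
        self.rules.setdefault(oid, []).append(rule)

    def record(self, query_type, query, successful, oid):
        rules = self.rules.get(oid)
        if not rules:             # auditing off for this object: one lookup
            return None
        result = "successful" if successful else "unsuccessful"
        if not any(query_type in r.query_types and r.outcome in ("any", result)
                   for r in rules):
            return None
        entry = {"timestamp": datetime.now(timezone.utc).isoformat(),
                 "query_type": query_type, "query": query,
                 "query_result": result, "audit_object_oid": oid}
        self.trail.append(entry)
        return entry

def demo():
    # Constructed sample data: oids, users and queries are made up.
    a = Auditor(owners={16384: "alice", 16390: "bob"}, superusers={"postgres"})
    a.add_rule("postgres", AuditRule(16384, frozenset({"select"}), "any"))
    a.add_rule("bob", AuditRule(16390, frozenset({"delete"}), "unsuccessful"))
    a.record("select", "SELECT * FROM customers", True, 16384)    # logged
    a.record("insert", "INSERT INTO customers ...", True, 16384)  # type not audited
    a.record("delete", "DELETE FROM orders", True, 16390)         # succeeded: skipped
    a.record("delete", "DELETE FROM orders", False, 16390)        # logged
    a.record("select", "SELECT 1 FROM misc", True, 16400)         # no rule for object
    return a
```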
