Re: PG secure for financial applications ...

From: paul rivers <rivers(dot)paul(at)gmail(dot)com>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Micah Yoder <micah(at)yoderdev(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: PG secure for financial applications ...
Date: 2008-03-14 14:13:14
Message-ID: 47DA87FA.8050501@gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 14 Mar 2008 02:00:39 -0600
> Micah Yoder <micah(at)yoderdev(dot)com> wrote:
>
>
>> Maybe it's nuts to consider such a setup (and if you're talking a
>> major bank it probably is) ... and maybe not. At this point it's
>> kind of a mental exercise. :-)
>>
>
> If you don't have enough control over the application to handle that
> type of situation, no database is going to serve your purposes.
>
> Beyond that, PostgreSQL is one of the most flexible database systems
> around when it comes to security and my company professionally supports
> several financial firms using PostgreSQL as their core database.
>
> Sincerely,
>
> Joshia D. Drake
>

Is it possible to share what audit regulations you have been able to
meet with Postgres? Do you deal with SOX or PCI regs that require an
audit trail for DBAs and SAs (e.g. PCI v1.1 10.1)? Short of building in
some Oracle-like audit vault, I don't see how you can do this without
falling back to mitigating controls loopholes.

Paul

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Richard Huxton 2008-03-14 14:30:08 Re: LOCK TABLE HELP
Previous Message Alvaro Herrera 2008-03-14 14:01:35 Re: Reindex does not finish 8.2.6