Re: Secure DB design ?

From: Michael Poole <poole(at)troilus(dot)org>
To: Jan Vaartjes <j(dot)vaartjes(at)quicknet(dot)nl>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Secure DB design ?
Date: 2002-09-16 15:58:50
Message-ID: 87r8fu9b9h.fsf@sanosuke.troilus.org
Lists: pgsql-hackers

Jan Vaartjes writes:

> I'm a Dutch student, working on a project where security of user
> information stored in a database is priority 1. So the database must
> be designed with high security in mind. I've searched the net very
> intensively, but didn't find a good resource which can help me with
> "secure database design". I hope someone can help me on such a
> resource, a good book may help too.

The first thing you will need to decide is: What do you mean by security?

There is the integrity of the data: Does the database system preserve
the data accurately, or does it have bugs that corrupt data?

There is identification: How sure are you (or your database system)
that a user of the system is who they say they are?

There is authorization: Does the database system (or layers you put on
top of it) provide good enough access control for your application,
both in what they can read and change? Bugs or design errors in the
system can sometimes circumvent the access controls.

There is transport privacy: Is the user's traffic secure enough
against eavesdropping?

Depending on your application, you may have to address other types of
security. Unfortunately, "security" by itself is so vague as to not
be a useful metric of database design.

-- Michael
