Re: Adding support for SE-Linux security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: "David P(dot) Quigley" <dpquigl(at)tycho(dot)nsa(dot)gov>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Bruce Momjian <bruce(at)momjian(dot)us>, Magnus Hagander <magnus(at)hagander(dot)net>, Chad Sellers <csellers(at)tresys(dot)com>, Josh Berkus <josh(at)agliodbs(dot)com>, KaiGai Kohei <kaigai(at)ak(dot)jp(dot)nec(dot)com>, jd <jd(at)commandprompt(dot)com>, David Fetter <david(at)fetter(dot)org>, Itagaki Takahiro <itagaki(dot)takahiro(at)oss(dot)ntt(dot)co(dot)jp>, KaiGai Kohei <kaigai(at)kaigai(dot)gr(dot)jp>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Adding support for SE-Linux security
Date: 2009-12-11 16:16:27
Message-ID: 20091211161627.GT17756@tamriel.snowman.net
Lists: pgsql-hackers

David,

* David P. Quigley (dpquigl(at)tycho(dot)nsa(dot)gov) wrote:
> So I downloaded and read through the PCI DSS document (74 pages is
> pretty light compared to NFSv4.1 hehe...) and there are several areas
> there where I think strong access controls in the database will not only
> fulfill the requirement but provide much stronger guarantees than can be
> provided from the application server alone.

Thanks for taking a look! That sounds like excellent news. My
apologies for attributing the action item to the wrong individual. :)

> The requirements in section 7 can definitely benefit from SEPG.

I don't mean to be a pain, and we're all busy, but perhaps you could
include a short description of what 'requirements in section 7' are.
It would help keep the mailing list archive coherent, and be simpler for
folks who aren't familiar with PCI to play along. A link to the
specific PCI DSS document you looked at would be an alternative, tho not
as good as a 'dumbed-down' description. ;) That would at least avoid
confusion over which document, since I presume there's more than one out
there.

Thanks again for looking over this!

Treat, you've dealt a lot with PCI in your commercial work; could you
comment on this for the benefit of the list? I don't doubt David in
the least, but it never hurts to have someone as lucky as yourself in
frequent dealings with PCI compliance to provide any additional
insight.

Thanks!

Stephen
