From: | Bruce Momjian <bruce(at)momjian(dot)us> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Stephen Frost <sfrost(at)snowman(dot)net>, Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
Date: | 2014-05-12 01:01:04 |
Message-ID: | 20140512010104.GC20811@momjian.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Sun, May 4, 2014 at 11:12:57AM -0400, Tom Lane wrote:
> Stephen Frost <sfrost(at)snowman(dot)net> writes:
> > * Abhijit Menon-Sen (ams(at)2ndquadrant(dot)com) wrote:
> >> 1. I wish it were possible to prevent even the superuser from disabling
> >> audit logging once it's enabled, so that if someone gained superuser
> >> access without authorisation, their actions would still be logged.
> >> But I don't think there's any way to do this.
>
> > Their actions should be logged up until they disable auditing and
> > hopefully those logs would be sent somewhere that they're unable to
> > destroy (eg: syslog). Of course, we make that difficult by not
> > supporting log targets based on criteria (logging EVERYTHING to syslog
> > would suck).
>
> > I don't see a way to fix this, except to minimize the amount of things
> > requiring superuser to reduce the chances of it being compromised, which
> > is something I've been hoping to see happen for a long time.
>
> Prohibiting actions to the superuser is a fundamentally flawed concept.
> If you do that, you just end up having to invent a new "more super"
> kind of superuser who *can* do whatever it is that needs to be done.
We did create a "replication" role that could only read data, right? Is
that similar?
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
From | Date | Subject | |
---|---|---|---|
Next Message | Kouhei Kaigai | 2014-05-12 01:09:17 | Re: [v9.5] Custom Plan API |
Previous Message | Peter Eisentraut | 2014-05-12 00:30:03 | [PATCH] empty xml values |