| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Fujii Masao <masao(dot)fujii(at)gmail(dot)com> |
| Cc: | David Steele <david(at)pgmasters(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
| Date: | 2015-03-03 00:34:00 |
| Message-ID: | 20150303003400.GB17787@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Feb 19, 2015 at 12:29:18PM +0900, Fujii Masao wrote:
> >> The pg_audit doesn't log BIND parameter values when prepared statement is used.
> >> Seems this is an oversight of the patch. Or is this intentional?
> >
> > It's actually intentional - following the model I talked about in my
> > earlier emails, the idea is to log statements only.
>
> Is this acceptable for audit purpose in many cases? Without the values,
> I'm afraid that it's hard to analyze what table records are affected by
> the statements from the audit logs. I was thinking that identifying the
> data affected is one of important thing for the audit. If I'm malicious DBA,
> I will always use the extended protocol to prevent the values from being
> audited when I execute the statement.
I added protocol-level bind() value logging for log_statement, and there
were many requests for this functionality before I implemented it.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Michael Paquier | 2015-03-03 00:34:57 | Re: [REVIEW] Re: Compression of full-page-writes |
| Previous Message | Andres Freund | 2015-03-03 00:24:10 | Re: [REVIEW] Re: Compression of full-page-writes |