| From: | "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov> |
|---|---|
| To: | "Khangelani Gama" <kgama(at)argility(dot)com>, <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL |
| Date: | 2012-03-14 14:02:48 |
| Message-ID: | 4F605EB80200002500046293@gw.wicourts.gov |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Khangelani Gama <kgama(at)argility(dot)com> wrote:
> the issue we have is that we have many Linux users having root
> access into the system.
Which gives them rights to impersonate any other user on the system
and to erase any audit trail written on that system.
> Auditors wants PostgreSQL to tell who updated what inside the
> database
You might be able to create something which looks plausible without
solving the first problem, but it wouldn't be at all trustworthy.
Consider limiting access to root on your database servers and, in
general, pay attention to the concept of "separation of duties"[1].
-Kevin
[1] http://en.wikipedia.org/wiki/Separation_of_duties
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Ondrejik | 2012-03-14 15:01:20 | Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL |
| Previous Message | Scott Ribe | 2012-03-14 13:39:39 | Re: Update actions (with user name) inside PostgreSQL DB - any version on postgreSQL |