On 02/11/2016 08:30 AM, Lesley Kimmel wrote:
> All;
>
> I'm working to secure a PostgreSQL database according to a DoD security
> guide. It has many very generic requirements that get more toward the
> internal architecture of the system that wouldn't be apparent to the
> average admin. I was hoping someone might have some insight to the
> following requirements:
>
> a) The DBMS must maintain the authenticity of communications sessions by
> guarding against man-in-the-middle attacks that guess at Session ID values.
>
> b) Check DBMS settings and vendor documentation to verify the DBMS
> properly handles transactions in the event of a system failure. The
> consistent state must include a security configuration that is at least
> as restrictive as before the system failure. This must be guaranteed.

Might want to take a look at these threads:

http://www.postgresql.org/message-id/CAKd4e_EXeMp2+DLqeZc=ffctz74vl4wvuvavyem2_-hju63...@mail.gmail.com
http://www.postgresql.org/message-id/CAKd4e_G6xA22C+Sc0QnrLLs03kM1fOPgUNLjymtyRxK64e=v...@mail.gmail.com

> Thanks in advance,
> -LJK

--
Adrian Klaver
adrian.kla...@aklaver.com