Greetings, * rakeshkumar464 (rakeshkumar...@outlook.com) wrote: > By mask I mean pgaudit should log where ssn = '123-456-7891' as where ssn = > '?'
Data masking really isn't part of auditing, and so even if pgaudit could do so, that wouldn't really be the right place to make it happen. There have been discussions about data masking previously but they haven't really lead anywhere. Having proper auditing capabilities built into the backend and then a way to classify errors (such as syntax error or other issue where we couldn't tell what the query actually was due to a user fat-fingering something) as 'not to be logged' would at least get us closer to your goal of not wanting sensitive data in the log files, but PG isn't there yet. That said, there are quite a few people who do use PG with HIPPA and address the requirements required for it in other ways (as discussed elsewhere on this thread). Thanks! Stephen
signature.asc
Description: Digital signature
