On Thu, Feb 19, 2015 at 12:29:18PM +0900, Fujii Masao wrote: > >> The pg_audit doesn't log BIND parameter values when prepared statement is > >> used. > >> Seems this is an oversight of the patch. Or is this intentional? > > > > It's actually intentional - following the model I talked about in my > > earlier emails, the idea is to log statements only. > > Is this acceptable for audit purpose in many cases? Without the values, > I'm afraid that it's hard to analyze what table records are affected by > the statements from the audit logs. I was thinking that identifying the > data affected is one of important thing for the audit. If I'm malicious DBA, > I will always use the extended protocol to prevent the values from being > audited when I execute the statement.
I added protocol-level bind() value logging for log_statement, and there were many requests for this functionality before I implemented it. -- Bruce Momjian <br...@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + Everyone has their own god. + -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
