Re: [HACKERS] Label Security and Fine-grained auditing
Rohit Khare wrote:
> I once discussed with you all regarding Oracle's FlashBack Query feature to recover a database to a certain point of time. That time you all suggested some in-depth cons of this and how it is resource hungry. One more feature that I am not sure PostgreSQL has is, row-level, column-level security. Oracle call this Label-Security in which you define a policy for certain columns so that they are not visible to un-authorised users during SELECT queries. This is an important security enhancement. One other feature is called Fine-Grained Auditing. Ability to track user activities. I hope this is in PostgreSQL in one form or the other. I want to know your views on this.

Do you know the Security-Enhanced PostgreSQL project? It provides fine-grained mandatory access control on database objects, integrated with the security policy of the operating system. This feature includes row- and column-level access control as you said.

Linux Weekly News provides a good abstraction: http://lwn.net/Articles/241464/

What is the definition of Fine-Grained Auditing? SE-PostgreSQL also provides an audit enhancement at row- and column-level. It can be controlled by AUDITALLOW or DONTAUDIT rules in the security policy.

See the following URL to know more details. There are several documents, SVN repository and RPM packages. http://code.google.com/p/sepgsql/

Thanks,
--
KaiGai Kohei <[EMAIL PROTECTED]>
Re: [HACKERS] Label Security and Fine-grained auditing
On Aug 4, 2007, at 7:06, Rohit Khare wrote:
> One more feature that I am not sure PostgreSQL has is, row-level, column-level security. Oracle call this Label-Security in which you define a policy for certain columns so that they are not visible to un-authorised users during SELECT queries. This is an important security enhancement. One other feature is called Fine-Grained Auditing. Ability to track user activities. I hope this is in PostgreSQL in one form or the other.

Would Veil suit your needs? http://veil.projects.postgresql.org/

Michael Glaesemann
grzm seespotcode net
Re: [HACKERS] Label Security and Fine-grained auditing
Rohit Khare wrote:
> One more feature that I am not sure PostgreSQL has is, row-level,
> column-level security. Oracle call this Label-Security in which you
> define a policy for certain columns so that they are not visible to
> un-authorised users during SELECT queries. This is an important
> security enhancement. One other feature is called Fine-Grained
> Auditing. Ability to track user activities. I hope this is in
> PostgreSQL in one form or the other.

Both of these exist or can be assembled from other pieces.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
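One way to combine stock PostgreSQL features for this, as an added example that is not from any message in this thread: a view plus grants restricts rows and columns, and a trigger keeps a write audit trail. The choice of views and triggers is an assumption (the thread does not say which pieces are meant), all table, role and column names are hypothetical, and `security_barrier` needs PostgreSQL 9.2 or later.

```sql
-- Constructed schema; every object name here is hypothetical.
CREATE ROLE clerk NOLOGIN;

CREATE TABLE patient (
    id        serial PRIMARY KEY,
    owner     name NOT NULL DEFAULT current_user,  -- row "label": who may see the row
    full_name text NOT NULL,
    diagnosis text                                  -- sensitive column
);

-- Row- and column-level restriction: the view omits diagnosis and
-- returns only rows labelled with the calling role.
-- security_barrier stops a caller-supplied function in a WHERE clause
-- from being evaluated on rows the view's own filter would reject.
CREATE VIEW patient_public WITH (security_barrier) AS
    SELECT id, full_name
    FROM patient
    WHERE owner = current_user;

REVOKE ALL ON patient FROM PUBLIC;
GRANT SELECT ON patient_public TO clerk;

-- Audit trail for writes. Triggers do not fire on SELECT, so reads
-- are not recorded by this mechanism.
CREATE TABLE patient_audit (
    logged_at timestamptz NOT NULL DEFAULT now(),
    actor     name        NOT NULL DEFAULT session_user,  -- unaffected by SECURITY DEFINER
    action    text        NOT NULL,
    row_id    integer     NOT NULL
);
REVOKE ALL ON patient_audit FROM PUBLIC;

CREATE FUNCTION patient_audit_fn() RETURNS trigger
LANGUAGE plpgsql SECURITY DEFINER
SET search_path = public, pg_temp AS $$
BEGIN
    IF TG_OP = 'DELETE' THEN
        INSERT INTO patient_audit (action, row_id) VALUES (TG_OP, OLD.id);
    ELSE
        INSERT INTO patient_audit (action, row_id) VALUES (TG_OP, NEW.id);
    END IF;
    RETURN NULL;  -- the return value of an AFTER row trigger is ignored
END;
$$;

CREATE TRIGGER patient_audit_trg
    AFTER INSERT OR UPDATE OR DELETE ON patient
    FOR EACH ROW EXECUTE PROCEDURE patient_audit_fn();
```

Because the audit function runs as its owner, writers need no privileges on `patient_audit` and cannot edit their own trail.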
[HACKERS] Label Security and Fine-grained auditing
I once discussed with you all regarding Oracle's FlashBack Query feature to recover a database to a certain point of time. That time you all suggested some in-depth cons of this and how it is resource hungry. One more feature that I am not sure PostgreSQL has is, row-level, column-level security. Oracle call this Label-Security in which you define a policy for certain columns so that they are not visible to un-authorised users during SELECT queries. This is an important security enhancement. One other feature is called Fine-Grained Auditing. Ability to track user activities. I hope this is in PostgreSQL in one form or the other. I want to know your views on this.