Re: [GENERAL] pg_audit to mask literal sql

On 10/30/2017 03:35 PM, John R Pierce wrote:
> On 10/30/2017 10:55 AM, rakeshkumar464 wrote:
>> Is there a way in pgaudit to mask literal sqls like the below:
>>
>> insert into table (col1,col2) values(1,2)
>> select * from table where col1 = 1
>>
>> These sqls are typed by our QA folks using pgadmin. pgaudit records this
>> verbatim which runs afoul of our HIPAA requirement.  Prepared 
>> statements are
>> not an issue since pgaudit provides a way to suppress values.
>
> if you have a HIPAA requirement that says 'dont run manual sql 
> statements', then, well, DONT.
>
> why are QA folks making changes on production databases, anyways?   
> thats not within their domain.   QA should be working on development 
> or staging databases.
>
>
>
I suspect the QA types are testing against production and using/seeing 
real names, etc with queries which create /transitory/ tables.  I wonder 
if the QA folks have been HIPAA certified?  Probable better to get them 
redacted data for testing.


-- 
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general