Re: Auditing and Postgres 7.3
| От | Justin Clift |
|---|---|
| Тема | Re: Auditing and Postgres 7.3 |
| Дата | |
| Msg-id | 3C4E9610.C9E8CB2C@postgresql.org обсуждение исходный текст |
| Ответ на | Auditing and Postgres 7.3 (Gavin Sherry <swm@linuxworld.com.au>) |
| Ответы |
Re: Auditing and Postgres 7.3
|
| Список | pgsql-hackers |
Hi Gavin, I can see the usefulness of this concept from a "Data Security" point of view. At one place I worked, it was known one of the marketing people had a reputation of gathering customer details before leaving a job, just so he had something to bargain a pay increase with for his next job. Don't know why people hire a guy like that (I wouldn't), but these people exist. It should definitely be optional, and if not turned on for an object I don't think it should have an associated noticable performance penalty. My thought is useful, but not sure how urgent when compared to other improvements. :) + Justin Gavin Sherry wrote: > > Hi all, > > I've been thinking implementing auditing for Postgres 7.3 and wanted to > see if anyone had any thoughts about it. > > Auditing would allow a user to log queries executed upon different > 'schema' objects - I use the loose sense of the word here. The user would > be able to define the type of query - insert, delete, etc - as well as > choose to log only those queries which were successful or otherwise. > > The superuser would be able to audit unprivileged users. Unprivileged > users would only be able to produce an audit trail upon objects which > he/she owns or has been granted audit privileges to. > > The audit trail would be written either to a new internal system table, > pg_audit, or optionally a file on the file system. I imagine that an > external program would also be needed to read/dump the audit trail. > > So what would an audit trail consist of? > > timestamp > query type > query > query result (successful|unsuccessful) > audit object oid > > I haven't really thought about this too hard just yet but thought I'd see > if people considered this to be a useful addition to Postgres or not, or > if I was going about this the wrong way. > > Gavin > > ---------------------------(end of broadcast)--------------------------- > TIP 4: Don't 'kill -9' the postmaster -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
В списке pgsql-hackers по дате отправления: