Re: Logging access to data in database table
From | Ivan Radovanovic |
---|---|
Subject | Re: Logging access to data in database table |
Date | |
Msg-id | 4F205A14.1040201@gmail.com |
In response to | Re: Logging access to data in database table (Misa Simic <misa.simic@gmail.com>) |
List | pgsql-general |
On 01/25/12 20:02, Misa Simic wrote:
> Thanks Bill,
>
> Makes sense... db_link is probably then solution... Everything depends on
> concrete problem...
>
> But I still think security should be reconsidered (I would use db_link
> just in case there is no other options - if we must let users to have
> direct access to DB)... I mean, in that case when we need log each
> request for some sensitive data - we would not allow some user direct
> access to DB where he would be able to do such thing BEGIN TRAN, execute
> function what returns sensitive data, ROLLBACK Tran; (or many other
> things...)
>
> at least there would be an application layer above DB... (concretely in
> our case - Users do not have access to DB at all... everything is
> through Web App, actually DB - Web Service - User Apps (Web, Windows,
> Mobile etc...))
>
> Thanks,
>
> Misa
>
> 2012/1/25 Bill Moran <wmoran@potentialtech.com>
>
> > In response to Misa Simic <misa.simic@gmail.com>:
> >
> > > But maybe it would be better to reorganise security on the way
> > > that users who do not need to have access to some data - simply
> > > do not have it (instead of to give them data and later check log
> > > to confirm they have taken it...)
> >
> > In many cases that's not enough. For example with HIPAA in the US,
> > a user may be allowed to access data, but there still _has_ to be a
> > log record for each access.
> >
> > --
> > Bill Moran
> > http://www.potentialtech.com
> > http://people.collaborativefusion.com/~wmoran/
>

Thanks for the reply, Bill was right, this is security requirement that is
independent of all other security mechanisms we have implemented in this
system :-)

I will check contrib/dblink - it seems to be one of the ways to solve this
problem

Best regards,
Ivan
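The rollback gap Misa describes, and the dblink approach Ivan intends to try, as an added PostgreSQL example that is not code from the thread. It assumes the dblink extension is installed, that a role named audit_writer exists with INSERT rights on access_log, and that the placeholder password in the connection string is replaced; the table and function names are constructed for the illustration.

```sql
-- Added example (not from the thread). Assumes the dblink extension is
-- installed, a role "audit_writer" exists that may INSERT into access_log,
-- and the placeholder connection string below is replaced with real values.
CREATE EXTENSION IF NOT EXISTS dblink;

CREATE TABLE patient (
    id        integer PRIMARY KEY,
    name      text NOT NULL,
    diagnosis text NOT NULL
);

CREATE TABLE access_log (
    id          bigserial PRIMARY KEY,
    accessed_at timestamptz NOT NULL DEFAULT now(),
    db_user     text NOT NULL,
    patient_id  integer NOT NULL
);

-- Constructed sample row.
INSERT INTO patient VALUES (1, 'Example Patient', 'constructed sample');

-- Naive version: the audit row is written inside the caller's own
-- transaction. "BEGIN; SELECT * FROM get_patient_naive(1); ROLLBACK;"
-- returns the data and then discards the log entry, which is exactly the
-- gap the thread describes.
CREATE OR REPLACE FUNCTION get_patient_naive(p_id integer)
RETURNS patient
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
DECLARE
    r patient;
BEGIN
    INSERT INTO access_log (db_user, patient_id) VALUES (session_user, p_id);
    SELECT * INTO r FROM patient WHERE id = p_id;
    RETURN r;
END;
$$;

-- dblink version: the audit row goes through a second connection to the
-- same database. That connection commits on its own, independently of the
-- caller's transaction, so a later ROLLBACK cannot undo the log entry.
-- The log is written before the read, so an access attempt is recorded
-- even if the read itself fails.
CREATE OR REPLACE FUNCTION get_patient(p_id integer)
RETURNS patient
LANGUAGE plpgsql SECURITY DEFINER SET search_path = pg_catalog, public AS $$
DECLARE
    r patient;
    -- Placeholder connection string (hypothetical); supply real credentials.
    conn text := 'dbname=' || current_database()
                 || ' user=audit_writer password=CHANGE_ME';
BEGIN
    -- session_user is the authenticated caller even inside SECURITY DEFINER;
    -- %L quotes it as a literal so the value cannot alter the statement.
    PERFORM dblink_exec(
        conn,
        format('INSERT INTO access_log (db_user, patient_id) VALUES (%L, %s)',
               session_user, p_id)
    );
    SELECT * INTO r FROM patient WHERE id = p_id;
    RETURN r;
END;
$$;

-- Direct table access is removed so that the logging function is the only
-- path to patient rows; every read then produces an audit row.
REVOKE ALL ON patient FROM PUBLIC;
REVOKE ALL ON access_log FROM PUBLIC;
GRANT EXECUTE ON FUNCTION get_patient(integer) TO PUBLIC;

-- The scenario from the thread, run against the dblink version.
BEGIN;
SELECT * FROM get_patient(1);
ROLLBACK;

-- Inspect the log after the rollback.
SELECT db_user, patient_id, accessed_at FROM access_log;
```

After the ROLLBACK the final query still shows the row written by `get_patient`, whereas the same sequence against `get_patient_naive` leaves access_log empty. The weak spot in this version is the password embedded in the function body; with dblink the usual alternative is a foreign server plus a user mapping, which keeps the credentials out of the function source and out of `pg_proc`. Also note that `dblink_exec` needs the second connection to authenticate on its own, so the audit_writer role must be allowed in pg_hba.conf for the socket or host the connection string targets.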