Re: pgaudit - an auditing extension for PostgreSQL
| От | David Steele |
|---|---|
| Тема | Re: pgaudit - an auditing extension for PostgreSQL |
| Дата | |
| Msg-id | 54E6A813.7070605@pgmasters.net обсуждение исходный текст |
| Ответ на | Re: pgaudit - an auditing extension for PostgreSQL (Fujii Masao <masao.fujii@gmail.com>) |
| Список | pgsql-hackers |
On 2/18/15 10:29 PM, Fujii Masao wrote: > On Thu, Feb 19, 2015 at 12:25 AM, David Steele <david@pgmasters.net> wrote: >>> The pg_audit doesn't log BIND parameter values when prepared statement is used. >>> Seems this is an oversight of the patch. Or is this intentional? >> >> It's actually intentional - following the model I talked about in my >> earlier emails, the idea is to log statements only. > > Is this acceptable for audit purpose in many cases? Without the values, > I'm afraid that it's hard to analyze what table records are affected by > the statements from the audit logs. I was thinking that identifying the > data affected is one of important thing for the audit. If I'm malicious DBA, > I will always use the extended protocol to prevent the values from being > audited when I execute the statement. I agree with you, but I wonder how much is practical at this stage. Let me think about it and see what I can come up with. -- - David Steele david@pgmasters.net
В списке pgsql-hackers по дате отправления: