Re: PosgreSQL Security Architecture
| От | Adrian Klaver |
|---|---|
| Тема | Re: PosgreSQL Security Architecture |
| Дата | |
| Msg-id | 56BCB9D7.4070109@aklaver.com обсуждение исходный текст |
| Ответ на | PosgreSQL Security Architecture (Lesley Kimmel <lesley.j.kimmel@gmail.com>) |
| Список | pgsql-general |
On 02/11/2016 08:30 AM, Lesley Kimmel wrote: > All; > > I'm working to secure a PosgreSQL database according to a DoD security > guide. It has many very generic requirements that get more toward the > internal architecture of the system that wouldn't be apparent to the > average admin. I was hoping someone might have some insight to the > following requirements: > > a) The DBMS must maintain the authenticity of communications sessions by > guarding against man-in-the-middle attacks that guess at Session ID values. > > b) Check DBMS settings and vendor documentation to verify the DBMS > properly handles transactions in the event of a system failure. The > consistent state must include a security configuration that is at least > as restrictive as before the system failure. This must be guaranteed. Might want to take a look at these threads: http://www.postgresql.org/message-id/CAKd4e_EXeMp2+DLqeZc=fFCtZ74vL4wVUvavYEM2_-HJu63PsQ@mail.gmail.com http://www.postgresql.org/message- id/CAKd4e_G6xA22C+Sc0QnrLLs03kM1fOPgUNLjymtyRxK64e=VuA@mail.gmail.com > > Thanks in advance, > -LJK -- Adrian Klaver adrian.klaver@aklaver.com
В списке pgsql-general по дате отправления: