Re: Secure DB design ?
| От | Michael Poole |
|---|---|
| Тема | Re: Secure DB design ? |
| Дата | |
| Msg-id | 87r8fu9b9h.fsf@sanosuke.troilus.org обсуждение исходный текст |
| Ответ на | Secure DB design ? (Jan Vaartjes <j.vaartjes@quicknet.nl>) |
| Список | pgsql-hackers |
Jan Vaartjes writes: > Im a dutch student, working on a project where security of user > information stored in a database is priority 1. So the database must > be designed with high security in mind. I've searched the net very > intesive, but did'nt find a good recource which can help me with > "secure database design". I hope someone can help me on such a > recource, a good book may help too. The first thing you will need to decide is: What do you mean by security? There is the integrity of the data: Does the database system preserve the data accurately, or does it have bugs that corrupt data? There is identification: How sure are you (or your database system) that a user of the system is who they say they are? There is authorization: Does the database system (or layers you put on top of it) provide good enough access control for your application, both in what they can read and change? Bugs or design errors in the system can sometimes circumvent the access controls. There is transport privacy: Is the user's traffic secure enough against eavesdropping? Depending on your application, you may have to address other types of security. Unfortunately, "security" by itself is so vague as to not be a useful metric of databaes design. -- Michael
В списке pgsql-hackers по дате отправления: