I want to know how to improve the security of postgresql
Hi guys,can you give me some advices about how to improve the security of postgresql?
Now I major in the security of postgresql and the destination is create a database with security level of B1(TCSEC),what should I do now,what program language should I use?
Thanks!
Sting
""xiapw"" <xiapw@lreis.ac.cn> wrote
Hi guys,can you give me some advices about how to improve the security of
postgresql?
Now I major in the security of postgresql and the destination is create a
database with security level of B1(TCSEC),what should I do now,what
program language should I use?
Thanks!
Sting
PostgreSQL has a very good fame of security in real-world applications, but
frankly it is at most in C2 level according to TCSEC standards (the in-core
support of "auditing" is missing). So to support B1, there are some
non-trivial work ahead I am afraid :-( I would suggest you have a look at
the TCSEC standards and list the *exact* functionalities that we don't
provide so far.
Regards,
Qingqing
Hi guys,can you give me some advices about how to improve the
security of postgresql?Now I major in the security of postgresql and the destination is
create a database with security level of B1(TCSEC),what should I do
now,what program language should I use?
Well, since PostgreSQL is implemented in C, the language you obviously
need to use is... C.
You may want to do more checking as to what you actually want to do.
I don't think the NSA is continuing to do TPEP evaluations, which is
where the C1-C3, B1-B3, A1 levels of the Rainbow books came in.
It would be an unfortunate waste of effort to try to conform to a
standard that is no longer considered of commercial importance.
Remember that TCSEC was published in 1985, and there haven't been any
new evaluations since 2000.
Mind you, there may be some principles to be found in looking at the
evaluation done of Sybase Adaptive Server 6.0.2 against the "Common
Criterion."
--
(format nil "~S@~S" "cbbrowne" "acm.org")
http://linuxdatabases.info/info/wp.html
"Never insult seven men, when all you're packin' is a six gun"
--- Zane Gray
Sting,
I'm not entirely sure what you mean by improving the security of
postgresql but if you want to implement smart, efficient row-level
security you could take a look at Veil
http://pgfoundry.org/projects/veil/
Check the project home page for documentation. Veil is still an alpha
release but I am prepared to work with any potential users to bring it
up to a production release.
__
Marc
On Thu, 2005-12-29 at 06:48 -0400, pgsql-general-owner@postgresql.org
wrote:
Show quoted text
Date: Thu, 29 Dec 2005 10:09:01 +0800
From: "xiapw" <xiapw@lreis.ac.cn>
To: <pgsql-general@postgresql.org>
Subject: I want to know how to improve the security of postgresql
Message-ID: <001201c60c1c$d5e414f0$4503a8c0@sting>Hi guys,can you give me some advices about how to improve the security
of postgresql?
Now I major in the security of postgresql and the destination is
create a database with security level of B1(TCSEC),what should I do
now,what program language should I use?
Thanks!
Sting[Attachment of type text/html removed.]
Import Notes
Reply to msg id not found: 20051229104947.17F29701634@mx1.hub.orgReference msg id not found: 20051229104947.17F29701634@mx1.hub.org | Resolved by subject fallback
On Thu, Dec 29, 2005 at 09:22:09AM -0800, Marc Munro wrote:
Marc, is there a higher level written summary available
somewhere to be read to understand conceptually how you
implemented row level security ?
We will (in GNUmed) eventually have to implement row level
security. The current thinking is by restricting access to
the tables and setting up views that always do "... where
user=current_user" to limit the viewable data set.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
On Sat, Dec 31, 2005 at 05:18:19PM +0100, Karsten Hilbert wrote:
We will (in GNUmed) eventually have to implement row level
security. The current thinking is by restricting access to
the tables and setting up views that always do "... where
user=current_user" to limit the viewable data set.
Which is - roughly speaking - what Veil does anyways :-)
I'll link Veil with our TODO item on that part.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
Karsten,
The project homepage has a reference to the project documentation. It
can be found here:
http://veil.projects.postgresql.org/curdocs/index.html
If this does not contain what you are looking for, please explain what
you need to know as I'd like to improve the documentation.
I'm guessing that you'd like a conceptual overview. I intended this to
be provided in the section Overview: a quick introduction to Veil buit
maybe it falls short. If there is a better way to introduce the
concepts, I'd like to hear any ideas.
Feel free to contact me directly if you have any questions at all. I'd
be pleased to help GNUmed.
__
Marc
On Sat, 2005-12-31 at 16:49 -0400, pgsql-general-owner@postgresql.org
wrote:
Show quoted text
Date: Sat, 31 Dec 2005 17:18:19 +0100
From: Karsten Hilbert <Karsten.Hilbert@gmx.net>
To: pgsql-general@postgresql.org
Subject: Re: I want to know how to improve the security of postgresql
Message-ID: <20051231161819.GS5677@merkur.hilbert.loc>On Thu, Dec 29, 2005 at 09:22:09AM -0800, Marc Munro wrote:
Marc, is there a higher level written summary available
somewhere to be read to understand conceptually how you
implemented row level security ?We will (in GNUmed) eventually have to implement row level
security. The current thinking is by restricting access to
the tables and setting up views that always do "... where
user=current_user" to limit the viewable data set.Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
Import Notes
Reply to msg id not found: 20051231205029.A96F2701421@mx1.hub.orgReference msg id not found: 20051231205029.A96F2701421@mx1.hub.org | Resolved by subject fallback