Label Security and Fine-grained auditing
I once discussed with you all regarding Oracle's FlashBack Query feature to
recover a database to a certain point of time. That time you all suggested
some indepth cons of this and how it is resource hungry.
One more feature that I am not sure PostgreSQL has is, row-level,
column-level security. Oracle call this Label-Security in which you define a
policy for certain columns so that they are not visible to un-authorised
users during SELECT queries. This is an important security enhancement. One
other feature is called Fine-Grained Auditing. Ability to track user
activities. I hope this is in PostgreSQL in one form or the other.
I want to know your views on this.
Rohit Khare wrote:
One more feature that I am not sure PostgreSQL has is, row-level,
column-level security. Oracle call this Label-Security in which you
define a policy for certain columns so that they are not visible to
un-authorised users during SELECT queries. This is an important
security enhancement. One other feature is called Fine-Grained
Auditing. Ability to track user activities. I hope this is in
PostgreSQL in one form or the other.
Both of these exist or can be assembled from other pieces.
--
Peter Eisentraut
http://developer.postgresql.org/~petere/
On Aug 4, 2007, at 7:06 , Rohit Khare wrote:
One more feature that I am not sure PostgreSQL has is, row-level,
column-level security. Oracle call this Label-Security in which you
define a policy for certain columns so that they are not visible to
un-authorised users during SELECT queries. This is an important
security enhancement. One other feature is called Fine-Grained
Auditing. Ability to track user activities. I hope this is in
PostgreSQL in one form or the other.
Would Veil suit your needs?
http://veil.projects.postgresql.org/
Michael Glaesemann
grzm seespotcode net
Rohit Khare wrote:
I once discussed with you all regarding Oracle's FlashBack Query feature
to recover a database to a certain point of time. That time you all
suggested some indepth cons of this and how it is resource hungry.One more feature that I am not sure PostgreSQL has is, row-level,
column-level security. Oracle call this Label-Security in which you
define a policy for certain columns so that they are not visible to
un-authorised users during SELECT queries. This is an important security
enhancement. One other feature is called Fine-Grained Auditing. Ability
to track user activities. I hope this is in PostgreSQL in one form or
the other.I want to know your views on this.
Do you know the Security-Enhanced PostgreSQL project?
It provides fine grained mandatory access control on database objects,
integrated with the security policy of the operating system.
This feature includes row- and column-level access control as you said.
Linux Weekly News provides a good abstraction:
http://lwn.net/Articles/241464/
What is the definition of Fine-Grained Auditing?
SE-PostgreSQL also provides an audit enhancement in row- and column-level.
It can be controled AUDITALLOW of DONTAUDIT rules in the security policy.
See the following URL, to know more details.
There are several documents, SVN repository and RPM packages.
http://code.google.com/p/sepgsql/
Thanks,
--
KaiGai Kohei <kaigai@kaigai.gr.jp>