I'm working to secure a PosgreSQL database according to a DoD security guide. It has many very generic requirements that get more toward the internal architecture of the system that wouldn't be apparent to the average admin. I was hoping someone might have some insight to the following requirements:
a) The DBMS must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
b) Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure. The consistent state must include a security configuration that is at least as restrictive as before the system failure. This must be guaranteed.
