Thread: Label Security and Fine-grained auditing
I once discussed with you all regarding Oracle's FlashBack Query feature to recover a database to a certain point of time.That time you all suggested some indepth cons of this and how it is resource hungry.<br /><br />One more feature thatI am not sure PostgreSQL has is, row-level, column-level security. Oracle call this Label-Security in which you definea policy for certain columns so that they are not visible to un-authorised users during SELECT queries. This is animportant security enhancement. One other feature is called Fine-Grained Auditing. Ability to track user activities. Ihope this is in PostgreSQL in one form or the other. <br /><br />I want to know your views on this.<br />
Rohit Khare wrote: > One more feature that I am not sure PostgreSQL has is, row-level, > column-level security. Oracle call this Label-Security in which you > define a policy for certain columns so that they are not visible to > un-authorised users during SELECT queries. This is an important > security enhancement. One other feature is called Fine-Grained > Auditing. Ability to track user activities. I hope this is in > PostgreSQL in one form or the other. Both of these exist or can be assembled from other pieces. -- Peter Eisentraut http://developer.postgresql.org/~petere/
On Aug 4, 2007, at 7:06 , Rohit Khare wrote: > One more feature that I am not sure PostgreSQL has is, row-level, > column-level security. Oracle call this Label-Security in which you > define a policy for certain columns so that they are not visible to > un-authorised users during SELECT queries. This is an important > security enhancement. One other feature is called Fine-Grained > Auditing. Ability to track user activities. I hope this is in > PostgreSQL in one form or the other. Would Veil suit your needs? http://veil.projects.postgresql.org/ Michael Glaesemann grzm seespotcode net
Rohit Khare wrote: > I once discussed with you all regarding Oracle's FlashBack Query feature > to recover a database to a certain point of time. That time you all > suggested some indepth cons of this and how it is resource hungry. > > One more feature that I am not sure PostgreSQL has is, row-level, > column-level security. Oracle call this Label-Security in which you > define a policy for certain columns so that they are not visible to > un-authorised users during SELECT queries. This is an important security > enhancement. One other feature is called Fine-Grained Auditing. Ability > to track user activities. I hope this is in PostgreSQL in one form or > the other. > > I want to know your views on this. Do you know the Security-Enhanced PostgreSQL project? It provides fine grained mandatory access control on database objects, integrated with the security policy of the operating system. This feature includes row- and column-level access control as you said. Linux Weekly News provides a good abstraction: http://lwn.net/Articles/241464/ What is the definition of Fine-Grained Auditing? SE-PostgreSQL also provides an audit enhancement in row- and column-level. It can be controled AUDITALLOW of DONTAUDIT rules in the security policy. See the following URL, to know more details. There are several documents, SVN repository and RPM packages. http://code.google.com/p/sepgsql/ Thanks, -- KaiGai Kohei <kaigai@kaigai.gr.jp>