Re: SAS70 audit + postgres

From David Kerr
Subject Re: SAS70 audit + postgres
Date
Msg-id 20090914195818.GC11006@mr-paradox.net
In reply to Re: SAS70 audit + postgres  (Scott Marlowe <scott.marlowe@gmail.com>)
List pgsql-general
=) yeah, same. Thanks

Dave

On Mon, Sep 14, 2009 at 01:54:25PM -0600, Scott Marlowe wrote:
- Had a similar thing when I was in Chicago about Oracle.  While oracle
- has some form of auditing, the fact is that any resourceful DBA with
- root access can cover their tracks if they want.  Best of luck.
-
- On Mon, Sep 14, 2009 at 1:45 PM, David Kerr <dmk@mr-paradox.net> wrote:
- > Right, I agree there are things I can do to minimize impact,
- > but if SAS70 or similar comes in and says w/o superuser auditing
- > we're not giving you the certification, then that still causes us a
- > problem.
- >
- > I don't think it does though, I've gone through SOX and all they
- > require is "controlled" superuser access. So they recognise that
- > DBA / superuser is all powerful, they just want to make sure your
- > company has policies and procedures in place to ensure that very
- > few people have that access.
- >
- > I'm hoping someone on the list has experience to confirm or deny that
- > assumption with regards to SAS70.
- >
- > Thanks!
- >
- > Dave
- >
- >
- > On Mon, Sep 14, 2009 at 01:38:14PM -0600, Scott Marlowe wrote:
- > - Yeah, I question the intelligence of your security expert in this
- > - situation.  As the superuser, I can do nearly anything I please, it's
- > - kind of the point.  Now, if he wants you to set up non-superuser roles
- > - to do other stuff, I can understand, but there are some things only
- > - the superuser can do, and for that, you gotta trust them.
- > -
- > - On Mon, Sep 14, 2009 at 1:17 PM, David Kerr <dmk@mr-paradox.net> wrote:
- > - > anyone pass a SAS70 audit with postgres?
- > - >
- > - > Our security expert has a lot of concerns due to the lack of
- > - > user audit logging that's provided.
- > - >
- > - > especially for logging superuser / DBA actions.
- > - >
- > - > Of course, my stance is that you need to trust your DBAs,
- > - > but I don't know if SAS70 shares my belief.
- > - >
- > - > Thanks
- > - >
- > - > Dave
- > - >
- > - > --
- > - > Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
- > - > To make changes to your subscription:
- > - > http://www.postgresql.org/mailpref/pgsql-general
- > - >
- > -
- > -
- > -
- > - --
- > - When fascism comes to America, it will be intolerance sold as diversity.
- > -
- >
-
-
-
- --
- When fascism comes to America, it will be intolerance sold as diversity.
-
