On 02/11/2016 08:30 AM, Lesley Kimmel wrote:
> All;
>
> I'm working to secure a PosgreSQL database according to a DoD security
> guide. It has many very generic requirements that get more toward the
> internal architecture of the system that wouldn't be apparent to the
> average admin. I was hoping someone might have some insight to the
> following requirements:
>
> a) The DBMS must maintain the authenticity of communications sessions by
> guarding against man-in-the-middle attacks that guess at Session ID values.
>
> b) Check DBMS settings and vendor documentation to verify the DBMS
> properly handles transactions in the event of a system failure. The
> consistent state must include a security configuration that is at least
> as restrictive as before the system failure. This must be guaranteed.
Might want to take a look at these threads:
http://www.postgresql.org/message-id/CAKd4e_EXeMp2+DLqeZc=fFCtZ74vL4wVUvavYEM2_-HJu63PsQ@mail.gmail.comhttp://www.postgresql.org/message-
id/CAKd4e_G6xA22C+Sc0QnrLLs03kM1fOPgUNLjymtyRxK64e=VuA@mail.gmail.com
>
> Thanks in advance,
> -LJK
--
Adrian Klaver
adrian.klaver@aklaver.com