PostgreSQL Auditing
| От | Curtis Ruck |
|---|---|
| Тема | PostgreSQL Auditing |
| Дата | |
| Msg-id | CAFgGLFcVXkFaK_gDuzBHvyvHdR8kai2TfKo2VYaQ-Pe0ELWLWw@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: PostgreSQL Auditing
(Noah Misch <noah@leadboat.com>)
Re: PostgreSQL Auditing (Dave Page <dpage@pgadmin.org>) Re: PostgreSQL Auditing (José Luis Tallón <jltallon@adv-solutions.net>) Re: PostgreSQL Auditing (Simon Riggs <simon@2ndQuadrant.com>) |
| Список | pgsql-hackers |
So Auditing, it seems that some people want auditing (myself, David Steele, 2nd quadrant, and probably others). I personally love postgresql, but until it can meet my annoying compliance requirements, I can't leverage it fully as my organization spends more time on meeting compliance, than actually doing development and engineering.
Sadly, due to the incumbent solutions in the database arena, we are also wasting idiotic amounts of time, money, and increasing system complexity because we are having to use alternative solutions that provide things like auditing.
If David's auditing patch isn't sufficient, what is? Are we waiting on the holy grail of auditing, which implements an entirely new logging subsystem, and hooks so deeply into the innards of PostgreSQL its perfect? Does this mailing list just not care about the potential customers (and potential financial benefits) of providing a complete database solution? Or does the postgresql community just want to stay a hobbyist database that never broaches the enterprise or compliance arenas?
I've worked with many database vendors, and honestly auditing is fairly bland, its boring, and no one really likes it except for the lawyers, and then only when someone was actually caught doing something wrong, which lets face it is quite infrequent given the number of databases that exist out there.
Just because auditing isn't sexy sharding, parallel partitioning, creative indexing (BRIN), or hundreds of thousands of transactions a second, doesn't make it any less of a requirement to countless organizations that would like to use postgresql, but find the audit requirement a must have.
So, in summary, what would it take to get the core PostgreSQL team to actually let auditing patches into the next version?
P.S., do you know what sucks, having a highly performant PostGIS database that works great, and being told to move to Oracle or SQL Server (because they have auditing). Even though they charge extra for Geospatial support (seriously?) or when they don't even have geospatial support (10 years ago). My customer would prefer to re-engineer software designed around PostgreSQL and pay the overpriced licenses, than not have auditing. I agree that their cost analysis is probably way off, even 10 years later, my only solution would be to move to Oracle, SQL Server, a NoSQL solution, or pay EnterpriseDB for their 2 year old version that doesn't have all the cool/modern jsonb support.
В списке pgsql-hackers по дате отправления: