John,

I can answer that - Oracle and MS SQL do, or at least there were able to
convince DISA that they do (STIGs for them are present here:
http://iase.disa.mil/stigs/Pages/a-z.aspx). That actually benefits those
products greatly - from the point of view of security they, once hardened,
meet Federal security requirements and such can be used in multiple
products other DBs can't (for that very reason).

Thanks,

Oleg

On Thu, Dec 10, 2015 at 4:52 PM, John R Pierce <pie...@hogranch.com> wrote:

> On 12/10/2015 2:03 PM, Adrian Klaver wrote:
>
>>
>> So some aspect of this:
>>
>> https://www.stigviewer.com/stig/database_security_requirements_guide/
>>
>
> thats a rather insane bunch of requirements.   Reads like a wish list by
> academic security researchers.
>
> for instance
>
> https://www.stigviewer.com/stig/database_security_requirements_guide/2015-06-23/finding/V-58123
>
> ??!?   The database server has no clue about the difference between an
> "application that it supports" and a user directly querying.  The PSQL
> shell, or dbadmin, is an 'application that it supports'.
>
> at this point, speaking purely as a interested outsider (I am in no way
> representing hte PG Development Group), I'd guess PostgreSQL probably
> doesn't meet 2/3rds of those 'findings'.   I truly wonder if any standard
> RDBMS supports all or even most of them?!?
>
>
>
>
> --
> john r pierce, recycling bits in santa cruz
>
>
>
> --
> Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
> To make changes to your subscription:
> http://www.postgresql.org/mailpref/pgsql-general
>

Reply via email to