=) yeah, same. Thanks
Dave
On Mon, Sep 14, 2009 at 01:54:25PM -0600, Scott Marlowe wrote:
- Had a similar thing when I was in Chicago about Oracle. Whie oracle
- has some form of auditing, the fact is that any resourceful DBA with
- root access can cover their tracks if they want. Best of luck.
Had a similar thing when I was in Chicago about Oracle. Whie oracle
has some form of auditing, the fact is that any resourceful DBA with
root access can cover their tracks if they want. Best of luck.
On Mon, Sep 14, 2009 at 1:45 PM, David Kerr wrote:
> Right, I agree there are things I can do t
Right, I agree there are things I can do to minimize impact,
but If SAS70 or similar comes in and says w/o superuser auditing
we're not giving you the certification, then that still causes us a
problem.
I don't think it does though, I've gone through SOX and all they
require is "controlled" super
Yeah, I question the intelligence of your security expert in this
situation. As the superuser, I can do nearly anything I please, it's
kind of the point. Now, if he wants you to setup non-superuser roles
to do other stuff, I can understand, but there are some things only
the superuser can do, and
anyone pass a SAS70 audit with postgres?
Our security expert has a lot of concerns due to the lack of
user audit logging that's provided.
especally for logging superuser / DBA actions.
Of course, my stance is that you need to trust your DBAs,
but I don't know if SAS70 shares my belief.
Thanks
