On 2/3/2011 9:31 AM, Kenneth Buckler wrote:
I'm probably going to be presenting to a mixed audience, some of the developers will have extensive Oracle knowledge, some will have MS SQL Server experience. Plus, I'm not extremely familiar with Oracle, so trying to compare the two would not work well for me. My main focus for this presentation will be to outline how PostgreSQL syntax works, regardless of what server the developer has experience with.

With regards to the security issues, unfortunately the developers in question have never programmed with security in mind from the beginning, only as an afterthought, sometimes resulting in having to choose between rebuilding a system completely to comply with security requirements, or try to get an exception granted. This usually results in something to the effect of "why won't you security people just leave us alone and stop making us rebuild our systems". I'm trying to avoid rebuilding systems, and hope to have security as part of the design of the database system.

I've already got a good idea what to touch on for the security aspect...just trying to figure out what should be included as far as "Here's how you do THIS in PostgreSQL"

Ken

Ahh, ok. Here are my thoughts:

1) sql injection
2) over the wire encryption need? PG ssl connections etc.
3) storing connection info: .ini files? hard code em? etc.
4) HIPAA rules? storing ssn, credit cards, etc
5) backup security (don't leave the tapes in the front seat of your car)
6) the top secret handshake. :-)

-Andy