John,
I can answer that - Oracle and MS SQL do, or at least they were able to convince DISA that they do (STIGs for them are present here: http://iase.disa.mil/stigs/Pages/a-z.aspx). That actually benefits those products greatly - from the point of view of security they, once hardened, meet Federal security requirements and as such can be used in multiple products other DBs can't (for that very reason).
Thanks,
Oleg
On Thu, Dec 10, 2015 at 4:52 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
On 12/10/2015 2:03 PM, Adrian Klaver wrote:
So some aspect of this:
https://www.stigviewer.com/stig/database_security_requirements_guide/
that's a rather insane bunch of requirements. Reads like a wish list by academic security researchers.
for instance
https://www.stigviewer.com/stig/database_security_requirements_guide/2015-06-23/finding/V-58123
??!? The database server has no clue about the difference between an "application that it supports" and a user directly querying. The PSQL shell, or dbadmin, is an 'application that it supports'.
at this point, speaking purely as an interested outsider (I am in no way representing the PG Development Group), I'd guess PostgreSQL probably doesn't meet 2/3rds of those 'findings'. I truly wonder if any standard RDBMS supports all or even most of them?!?
--
john r pierce, recycling bits in santa cruz
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)