On 02/11/2016 08:30 AM, Lesley Kimmel wrote:
All;

I'm working to secure a PostgreSQL database according to a DoD security guide. It has many very generic requirements that get more toward the internal architecture of the system that wouldn't be apparent to the average admin. I was hoping someone might have some insight to the following requirements:

a) The DBMS must maintain the authenticity of communications sessions by guarding against man-in-the-middle attacks that guess at Session ID values.
b) Check DBMS settings and vendor documentation to verify the DBMS properly handles transactions in the event of a system failure. The consistent state must include a security configuration that is at least as restrictive as before the system failure. This must be guaranteed.
Might want to take a look at these threads:

http://www.postgresql.org/message-id/CAKd4e_EXeMp2+DLqeZc=fFCtZ74vL4wVUvavYEM2_-HJu63PsQ@xxxxxxxxxxxxxx
http://www.postgresql.org/message-id/CAKd4e_G6xA22C+Sc0QnrLLs03kM1fOPgUNLjymtyRxK64e=VuA@xxxxxxxxxxxxxx
Thanks in advance, -LJK
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx