Search Postgresql Archives

Re: pg_audit to mask literal sql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Greetings,

* rakeshkumar464 (rakeshkumar464@xxxxxxxxxxx) wrote:
> By mask I mean pgaudit should log where ssn = '123-456-7891' as where ssn =
> '?' 

Data masking really isn't part of auditing, and so even if pgaudit could
do so, that wouldn't really be the right place to make it happen.

There have been discussions about data masking previously but they
haven't really lead anywhere.  Having proper auditing capabilities built
into the backend and then a way to classify errors (such as syntax error
or other issue where we couldn't tell what the query actually was due to
a user fat-fingering something) as 'not to be logged' would at least get
us closer to your goal of not wanting sensitive data in the log files,
but PG isn't there yet.

That said, there are quite a few people who do use PG with HIPPA and
address the requirements required for it in other ways (as discussed
elsewhere on this thread).

Thanks!

Stephen

Attachment: signature.asc
Description: Digital signature


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux