Search Postgresql Archives

Re: security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, Feb 05, 2005 at 09:08:00PM -0500, Ron Peterson wrote:
> I would like to be able to assert that the security of data stored
> as a value in a PostgreSQL table can be as high as the security of
> saving that same piece of data to a file on disk.  Would that be
> correct?

I hate to put it so bluntly, but "security" isn't a product that you
buy or a service that you use.  It's not even a rigid set of
procedures, however well-thought-out such a set might be.

Instead, it's a large and by its nature flexible set of processes that
you must implement and keep up to date.  What distinguishes security
in the computer field from other kinds of things involving computers
is the existence of one or more attackers.  In re: how to do security,
I'll quote Bruce Schneier's 5-step security evaluation:

   1. What assets are you trying to protect?
   2. What are the risks to those assets?
   3. How well does the security solution mitigate those risks?
   4. What other risks does the security solution cause?
   5. What costs and tradeoffs does the security solution impose?

Until you have answered questions 1 and 2, you can't even start on an
implementation.

Cheers,
D
-- 
David Fetter david@xxxxxxxxxx http://fetter.org/
phone: +1 510 893 6100   mobile: +1 415 235 3778

Remember to vote!

---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux