> Hi guys,can you give me some advices about how to improve the > security of postgresql? > > Now I major in the security of postgresql and the destination is > create a database with security level of B1(TCSEC),what should I do > now,what program language should I use? Well, since PostgreSQL is implemented in C, the language you obviously need to use is... C. You may want to do more checking as to what you actually want to do. I don't think the NSA is continuing to do TPEP evaluations, which is where the C1-C3, B1-B3, A1 levels of the Rainbow books came in. It would be an unfortunate waste of effort to try to conform to a standard that is no longer considered of commercial importance. Remember that TCSEC was published in 1985, and there haven't been any new evaluations since 2000. Mind you, there may be some principles to be found in looking at the evaluation done of Sybase Adaptive Server 6.0.2 against the "Common Criterion." -- (format nil "~S@~S" "cbbrowne" "acm.org") http://linuxdatabases.info/info/wp.html "Never insult seven men, when all you're packin' is a six gun" --- Zane Gray
