Joshua D. Drake wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 14 Mar 2008 02:00:39 -0600
Micah Yoder <micah@xxxxxxxxxxxx> wrote:
Maybe it's nuts to consider such a setup (and if you're talking a
major bank it probably is) ... and maybe not. At this point it's
kind of a mental exercise. :-)
If you don't have enough control over the application to handle that
type of situation, no database is going to serve your purposes.
Beyond that, PostgreSQL is one of the most flexible database systems
around when it comes to security and my company professionally supports
several financial firms using PostgreSQL as their core database.
Sincerely,
Joshia D. Drake
Is it possible to share what audit regulations you have been able to
meet with Postgres? Do you deal with SOX or PCI regs that require an
audit trail for DBAs and SAs (e.g. PCI v1.1 10.1)? Short of building in
some Oracle-like audit vault, I don't see how you can do this without
falling back to mitigating controls loopholes.
Paul
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
