=) yeah, same.

Thanks

Dave

On Mon, Sep 14, 2009 at 01:54:25PM -0600, Scott Marlowe wrote:
- Had a similar thing when I was in Chicago about Oracle. While Oracle
- has some form of auditing, the fact is that any resourceful DBA with
- root access can cover their tracks if they want. Best of luck.
-
- On Mon, Sep 14, 2009 at 1:45 PM, David Kerr <dmk@xxxxxxxxxxxxxx> wrote:
- > Right, I agree there are things I can do to minimize impact,
- > but if SAS70 or similar comes in and says w/o superuser auditing
- > we're not giving you the certification, then that still causes us a
- > problem.
- >
- > I don't think it does though, I've gone through SOX and all they
- > require is "controlled" superuser access. So they recognise that
- > DBA / superuser is all powerful, they just want to make sure your
- > company has policies and procedures in place to ensure that very
- > few people have that access.
- >
- > I'm hoping someone on the list has experience to confirm or deny that
- > assumption with regards to SAS70.
- >
- > Thanks!
- >
- > Dave
- >
- > On Mon, Sep 14, 2009 at 01:38:14PM -0600, Scott Marlowe wrote:
- > - Yeah, I question the intelligence of your security expert in this
- > - situation. As the superuser, I can do nearly anything I please, it's
- > - kind of the point. Now, if he wants you to set up non-superuser roles
- > - to do other stuff, I can understand, but there are some things only
- > - the superuser can do, and for that, you gotta trust them.
- > -
- > - On Mon, Sep 14, 2009 at 1:17 PM, David Kerr <dmk@xxxxxxxxxxxxxx> wrote:
- > - > anyone pass a SAS70 audit with postgres?
- > - >
- > - > Our security expert has a lot of concerns due to the lack of
- > - > user audit logging that's provided.
- > - >
- > - > especially for logging superuser / DBA actions.
- > - >
- > - > Of course, my stance is that you need to trust your DBAs,
- > - > but I don't know if SAS70 shares my belief.
- > - >
- > - > Thanks
- > - >
- > - > Dave
- > - >
- > - > --
- > - > Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
- > - > To make changes to your subscription:
- > - > http://www.postgresql.org/mailpref/pgsql-general
- > -
- > - --
- > - When fascism comes to America, it will be intolerance sold as diversity.
-
- --
- When fascism comes to America, it will be intolerance sold as diversity.