From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Jim Nasby <Jim(dot)Nasby(at)BlueTreble(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, Simon Riggs <simon(at)2ndquadrant(dot)com>, MauMau <maumau307(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com> |
Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
Date: | 2015-01-26 22:23:28 |
Message-ID: | 20150126222328.GA3854@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Jim,
* Jim Nasby (Jim(dot)Nasby(at)BlueTreble(dot)com) wrote:
> When it comes to changing auditing settings, I think that needs to be very restrictive. Really, it should be more (or differently) restrictive than SU, so that you can effectively audit your superusers with minimal worries about superusers tampering with auditing.
I continue to be of the opinion that you're not going to be able to
effectively audit your superusers with any mechanism that resides inside
of the process space which superusers control. If you want to audit
superusers, you need something that operates outside of the postgres
process space. I'm certainly interested in that, but it's an orthogonal
discussion to anything we're talking about here.
Thanks,
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Nasby | 2015-01-26 22:29:19 | Re: proposal: searching in array function - array_position |
Previous Message | Jim Nasby | 2015-01-26 22:22:33 | Re: Shortcoming in CLOBBER_FREED_MEMORY coverage: disk buffer pointers |