On Fri, 2009-12-11 at 08:56 -0500, Stephen Frost wrote: [snip...] > I do assume we're going to do row level security, but I do not feel that > we need to particularly put one in front of the other. I also feel that > SEPG will be valuable even without row-level security. One of the > realms that we discussed at BWPUG for this is PCI compliance. I'm > hopeful Josh will have an opportunity to review the PCI compliance > "cheat-sheet" that I recall Robert Treat offering and comes to agreement > that SEPG w/o row-level security would greatly improve our ability to > have a PCI compliant system backed with PG. >
So I downloaded and read through the PCI DSS document (74 pages is pretty light compared to NFSv4.1 hehe...) and There are several areas there where I think strong access controls in the database will not only fulfill the requirement but provide much stronger guarantees than can be provided from the application server alone. The requirements in section 7 can definitely benefit from SEPG. If you implement these requirements in the application server and in PG access controls alone there is still an attack vector where a malicious user manages to steal the credentials for a particular role. With PG-ACE you can write a security module (although SEPG already allows for this) to restrict access to the data using the existing role-based access controls in PG and then apply additional restrictions such as, only this program may act as this role or access this database. This provides better guarantees than exist in current PCI compliant implementations using PG today. Dave -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
