Re: audit table containing Select statements submitted

From: "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com>
To: Douglas McNaught <doug(at)mcnaught(dot)org>
Cc: "Hogan, James F(dot) Jr(dot)" <JHogan(at)seton(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, josh(at)agliodbs(dot)com, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: audit table containing Select statements submitted
Date: 2006-05-15 19:17:18
Message-ID: 20060515191718.GD26212@pervasive.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Mon, May 15, 2006 at 12:37:34PM -0400, Douglas McNaught wrote:
> "Jim C. Nasby" <jnasby(at)pervasive(dot)com> writes:
>
> > On Mon, May 15, 2006 at 10:55:43AM -0500, Hogan, James F. Jr. wrote:
> >> Only specific tables.
> >>
> >> Of the 150 plus existing there are only 8 or 10 that hold sensitive
> >> data.
> >
> > In that case I'd definately go with the suggestion of creating access
> > functions and logging to a table from within them. Just make sure to
> > mark the functions as volatile.
>
> But what if the user calls the access function, sees the data, then
> issues a ROLLBACK? The audit record would be rolled back as well (as
> Tom pointed out earlier).
>
> You could use dblink to log to a separate audit database, I suppose.

Ooops, forgot about that. Yeah, you'd have to use dblink. If it works
with pgpool performance might not be too horrid.
--
Jim C. Nasby, Sr. Engineering Consultant jnasby(at)pervasive(dot)com
Pervasive Software http://pervasive.com work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf cell: 512-569-9461

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Jim C. Nasby 2006-05-15 19:29:25 Re: Compression and on-disk sorting
Previous Message Jeff Frost 2006-05-15 18:52:41 Re: does wal archiving block the current client connection?