Re: pg_audit to mask literal sql

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: rakeshkumar464 <rakeshkumar464(at)outlook(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: pg_audit to mask literal sql
Date: 2017-10-31 12:08:39
Message-ID: 20171031120839.GT4628@tamriel.snowman.net
Lists: pgsql-general

Greetings,

* rakeshkumar464 (rakeshkumar464(at)outlook(dot)com) wrote:
> By mask I mean pgaudit should log where ssn = '123-456-7891' as where ssn =
> '?'

Data masking really isn't part of auditing, and so even if pgaudit could
do so, that wouldn't really be the right place to make it happen.

There have been discussions about data masking previously but they
haven't really led anywhere. Having proper auditing capabilities built
into the backend and then a way to classify errors (such as syntax error
or other issue where we couldn't tell what the query actually was due to
a user fat-fingering something) as 'not to be logged' would at least get
us closer to your goal of not wanting sensitive data in the log files,
but PG isn't there yet.

That said, there are quite a few people who do use PG with HIPAA and
address the requirements required for it in other ways (as discussed
elsewhere on this thread).

Thanks!

Stephen
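
Added example, not part of the original message and not pgaudit code: the rewrite the original poster describes (`ssn = '123-456-7891'` logged as `ssn = '?'`), done as a lexical pass over one statement's text outside the audit extension. The function name `mask_sql_literals` and the sample statement are assumptions made for illustration; only string constants are masked, and a constant that never closes, as in a mistyped statement, is masked through the end of the text.

```python
import re

# Opening delimiter of a dollar-quoted constant: $$ or $tag$.
_DOLLAR = re.compile(r"\$(?:[A-Za-z_][A-Za-z_0-9]*)?\$")


def mask_sql_literals(sql: str, placeholder: str = "?") -> str:
    """Replace the body of each string constant in one statement's text.

    An unterminated constant is masked through the end of the text, so a
    mistyped statement cannot leak the value it was carrying.
    """
    out, i, n = [], 0, len(sql)
    while i < n:
        ch = sql[i]
        if ch == '"':  # quoted identifier: copy through unchanged
            j = sql.find('"', i + 1)
            j = n - 1 if j < 0 else j
            out.append(sql[i:j + 1])
            i = j + 1
        elif ch == "'":
            # E'...' (not the tail of an identifier) also escapes with backslash.
            before = sql[i - 2:i - 1] if i >= 2 else ""
            escapes = sql[i - 1:i] in ("e", "E") and not (before.isalnum() or before == "_")
            j = i + 1
            while j < n:
                if escapes and sql[j] == "\\":
                    j += 2  # skip the escaped character
                elif sql[j] == "'" and sql[j + 1:j + 2] == "'":
                    j += 2  # '' is a quote inside the constant
                elif sql[j] == "'":
                    break  # closing quote
                else:
                    j += 1
            out.append("'" + placeholder + "'")
            i = j + 1  # j >= n here means the constant never closed
        elif ch == "$" and (m := _DOLLAR.match(sql, i)):
            tag = m.group(0)
            end = sql.find(tag, m.end())
            out.append(tag + placeholder + tag)
            i = n if end < 0 else end + len(tag)
        else:
            out.append(ch)
            i += 1
    return "".join(out)


# Constructed sample, using the value quoted in the thread.
SAMPLE = "select * from patients where ssn = '123-456-7891'"
```

The pass assumes its input is statement text only; a log prefix containing an apostrophe would be read as the start of a constant.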
