| From: | paul rivers <rivers(dot)paul(at)gmail(dot)com> |
|---|---|
| To: | Micah Yoder <micah(at)yoderdev(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PG secure for financial applications ... |
| Date: | 2008-03-14 11:35:16 |
| Message-ID: | 47DA62F4.4080005@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Micah Yoder wrote:
> Just curious, would PostgreSQL be considered secure for applications involving
> financial matters where the clients have a direct database logon?
>
> First, to clarify, I'm not in a serious position to write such an application.
> I'm just wondering. :-) If it is possible, I may make a proof of concept
> application and document it on a public website. Kind of for fun, but also
> as a learning experience
>
My $0.02 - if you're trying to be pragmatic about it, your starting
point should be whatever audit regulations govern your definition of
"financial matters", and how well-worn the path is to compliance on
Postgres.
Some audit regulations range from dubious to absurd, but they are still
going to be what you have to answer to in the financial world. There are
areas where Postgres will have difficulties, at least against the regs
I've worked with, but IMHO these areas have little to do with real security.
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Kreen | 2008-03-14 12:17:54 | Re: Trigger to run @ connection time? |
| Previous Message | Marc Horvath | 2008-03-14 11:35:15 | Blobs |