From: | Douglas McNaught <doug(at)mcnaught(dot)org> |
---|---|
To: | "Jim C(dot) Nasby" <jnasby(at)pervasive(dot)com> |
Cc: | "Hogan, James F(dot) Jr(dot)" <JHogan(at)seton(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, josh(at)agliodbs(dot)com, Andrew Dunstan <andrew(at)dunslane(dot)net>, pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: audit table containing Select statements submitted |
Date: | 2006-05-15 16:37:34 |
Message-ID: | 87u07rjlbl.fsf@suzuka.mcnaught.org |
Lists: | pgsql-hackers |

"Jim C. Nasby" <jnasby(at)pervasive(dot)com> writes:
> On Mon, May 15, 2006 at 10:55:43AM -0500, Hogan, James F. Jr. wrote:
>> Only specific tables.
>>
>> Of the 150 plus existing there are only 8 or 10 that hold sensitive
>> data.
>
> In that case I'd definitely go with the suggestion of creating access
> functions and logging to a table from within them. Just make sure to
> mark the functions as volatile.

But what if the user calls the access function, sees the data, then
issues a ROLLBACK? The audit record would be rolled back as well (as
Tom pointed out earlier).

You could use dblink to log to a separate audit database, I suppose.

-Doug
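
The approach discussed in this message, as an added example that is not part of the original email or of PostgreSQL's own code: an access function that writes its audit row through dblink, so the row commits on a separate connection and survives the caller's ROLLBACK. The table, function, role and database names (`patient`, `get_patient`, `clinicians`, `auditdb`, `access_log`) are assumptions, as is a connection string that the function owner is allowed to use.

```sql
-- Added example; every object name below is hypothetical.
-- Assumes a separate database "auditdb" that already contains:
--   CREATE TABLE access_log (at timestamptz DEFAULT now(),
--                            who text, what text, detail text);
-- and an existing role "clinicians" in the application database.
CREATE EXTENSION IF NOT EXISTS dblink;

CREATE TABLE patient (id int PRIMARY KEY, name text, ssn text);
REVOKE ALL ON patient FROM PUBLIC;    -- readers must go through the function

CREATE FUNCTION get_patient(p_id int)
RETURNS SETOF patient
LANGUAGE plpgsql
VOLATILE                -- has a side effect; must run on every call
SECURITY DEFINER        -- executes with the owner's rights on patient
SET search_path = public, pg_temp
AS $$
BEGIN
    -- dblink_exec opens its own connection to auditdb, so this INSERT
    -- commits there independently of the caller's transaction.
    -- If the audit write fails, dblink_exec raises an error and no
    -- rows are returned (the read fails closed).
    PERFORM dblink_exec(
        'dbname=auditdb',
        'INSERT INTO access_log (who, what, detail) VALUES ('
            || quote_literal(session_user::text) || ', '  -- caller, not owner
            || quote_literal('get_patient')      || ', '
            || quote_literal(p_id::text)         || ')');

    RETURN QUERY SELECT * FROM patient WHERE id = p_id;
END;
$$;

REVOKE ALL ON FUNCTION get_patient(int) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION get_patient(int) TO clinicians;

-- The case raised in the message:
BEGIN;
SELECT * FROM get_patient(42);
ROLLBACK;   -- local work is undone; the row in auditdb.access_log remains
```

The audit row is written before the data is returned, so a record can exist for a read that later errors out; for an access log that over-reporting is usually the acceptable direction.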