| From: | Kenneth Buckler <kenneth(dot)buckler(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | PostgreSQL Trusted Startup |
| Date: | 2010-12-20 19:12:24 |
| Message-ID: | AANLkTika73ELMS+cp4v8G3zcp-=8MnmBXHPvJ=ZiiSjs@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hello,
I am investigating security requirements for configuring a PostgreSQL
database on a Linux system.
One of the security requirements our organization would like to implement is
"trusted startup", in that PostgreSQL would verify the authenticity of the
binaries and configuration files before making the database available to
users. This would enable the database to detect if the system has possibly
been compromised.
Since this is a Linux system, I could keep a list of known good MD5
checksums and compare the checksums prior to startup by editing the init
script. The list would of course need to be updated any time I make a
configuration change or apply a patch.
Is there an alternative method of implementing such a requirement? Possibly
one already incorporated into PostgreSQL?
Thanks,
Ken Buckler
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Carlos Mennens | 2010-12-20 19:46:29 | Re: Role Membership |
| Previous Message | Scott Marlowe | 2010-12-20 18:32:56 | Re: Role Membership |