From: | Curtis Ruck <curtis(dot)ruck+pgsql(dot)hackers(at)gmail(dot)com> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | PostgreSQL Auditing |
Date: | 2016-02-02 01:05:46 |
Message-ID: | CAFgGLFcVXkFaK_gDuzBHvyvHdR8kai2TfKo2VYaQ-Pe0ELWLWw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
So Auditing, it seems that some people want auditing (myself, David Steele,
2nd quadrant, and probably others). I personally love postgresql, but
until it can meet my annoying compliance requirements, I can't leverage it
fully as my organization spends more time on meeting compliance, than
actually doing development and engineering.
Sadly, due to the incumbent solutions in the database arena, we are also
wasting idiotic amounts of time, money, and increasing system complexity
because we are having to use alternative solutions that provide things like
auditing.
If David's auditing patch isn't sufficient, what is? Are we waiting on the
holy grail of auditing, which implements an entirely new logging subsystem,
and hooks so deeply into the innards of PostgreSQL its perfect? Does this
mailing list just not care about the potential customers (and potential
financial benefits) of providing a complete database solution? Or does the
postgresql community just want to stay a hobbyist database that never
broaches the enterprise or compliance arenas?
I've worked with many database vendors, and honestly auditing is fairly
bland, its boring, and no one really likes it except for the lawyers, and
then only when someone was actually caught doing something wrong, which
lets face it is quite infrequent given the number of databases that exist
out there.
Just because auditing isn't sexy sharding, parallel partitioning, creative
indexing (BRIN), or hundreds of thousands of transactions a second, doesn't
make it any less of a requirement to countless organizations that would
like to use postgresql, but find the audit requirement a must have.
So, in summary, what would it take to get the core PostgreSQL team to
actually let auditing patches into the next version?
P.S., do you know what sucks, having a highly performant PostGIS database
that works great, and being told to move to Oracle or SQL Server (because
they have auditing). Even though they charge extra for Geospatial support
(seriously?) or when they don't even have geospatial support (10 years
ago). My customer would prefer to re-engineer software designed around
PostgreSQL and pay the overpriced licenses, than not have auditing. I
agree that their cost analysis is probably way off, even 10 years later, my
only solution would be to move to Oracle, SQL Server, a NoSQL solution, or
pay EnterpriseDB for their 2 year old version that doesn't have all the
cool/modern jsonb support.
From | Date | Subject | |
---|---|---|---|
Next Message | Jim Nasby | 2016-02-02 01:09:15 | Re: WIP: Access method extendability |
Previous Message | Andres Freund | 2016-02-02 00:59:14 | Re: silent data loss with ext4 / all current versions |