From: | oleg yusim <olegyusim(at)gmail(dot)com> |
---|---|
To: | PostgreSQL General <pgsql-general(at)postgresql(dot)org> |
Subject: | Failing to known state |
Date: | 2016-01-05 23:09:41 |
Message-ID: | CAKd4e_G6xA22C+Sc0QnrLLs03kM1fOPgUNLjymtyRxK64e=VuA@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Greetings,
One more security requirement I'm battling with:
The DBMS must fail to a secure state if system initialization fails,
shutdown fails, or aborts fail.
Failure to a known state can address safety or security in accordance with
the mission/business needs of the organization.
Failure to a known secure state helps prevent a loss of confidentiality,
integrity, or availability in the event of a failure of the information
system or a component of the system.
Failure to a known safe state helps prevent systems from failing to a state
that may cause loss of data or unauthorized access to system resources.
Systems that fail suddenly and with no incorporated failure state planning
may leave the hosting system available but with a reduced security
protection capability. Preserving information system state data also
facilitates system restart and return to the operational mode of the
organization with less disruption of mission/business processes.
Databases must fail to a known consistent state. Transactions must be
successfully completed or rolled back.
In general, security mechanisms should be designed so that a failure will
follow the same execution path as disallowing the operation. For example,
application security methods, such as isAuthorized(), isAuthenticated(),
and validate(), should all return false if there is an exception during
processing. If security controls can throw exceptions, they must be very
clear about exactly what that condition means.
Abort refers to stopping a program or function before it has finished
naturally. The term abort refers to both requested and unexpected
terminations.
The question here, what is PostreSQL 9.4.5 (hosted on Linux box) behavior?
Does it fail to known/secure state in these 3 cases? I tried to find the
description of the way PostgreSQL fails in this regard, but didn't find
much.
Thanks,
Oleg
From | Date | Subject | |
---|---|---|---|
Next Message | Joshua D. Drake | 2016-01-05 23:14:34 | Re: Failing to known state |
Previous Message | Joshua D. Drake | 2016-01-05 21:09:04 | Re: Code of Conduct: Is it time? |