Joshua D. Drake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Fri, 14 Mar 2008 02:00:39 -0600
> Micah Yoder <micah@yoderdev.com> wrote:
>
>
>> Maybe it's nuts to consider such a setup (and if you're talking a
>> major bank it probably is) ... and maybe not. At this point it's
>> kind of a mental exercise. :-)
>>
>
> If you don't have enough control over the application to handle that
> type of situation, no database is going to serve your purposes.
>
> Beyond that, PostgreSQL is one of the most flexible database systems
> around when it comes to security and my company professionally supports
> several financial firms using PostgreSQL as their core database.
>
> Sincerely,
>
> Joshia D. Drake
>
Is it possible to share what audit regulations you have been able to
meet with Postgres? Do you deal with SOX or PCI regs that require an
audit trail for DBAs and SAs (e.g. PCI v1.1 10.1)? Short of building in
some Oracle-like audit vault, I don't see how you can do this without
falling back to mitigating controls loopholes.
Paul