SE-PostgreSQL uses SELinux for database security
Posted Jul 19, 2007 15:17 UTC (Thu) by davecb
Parent article: SE-PostgreSQL uses SELinux for database security
The author wrote: Using SE-PostgreSQL, SELinux security contexts are associated with each table, row and column of the database. [...] . The PostgreSQL user must still have the ability to perform the requested action as the PostgreSQL permissions are checked before the SELinux policies are even consulted. This two-tiered permissions system is probably unnecessary, so SE-PostgreSQL could completely replace the database permissions in secure installations.
Actually the security contexts are part of the Mandatory Access Control (MAC) mechanism. With Discretionary Access Control (DAC),
the creator of a file or database tuple can grant permissions
to anyone, even if they're not authorized to see the data. MAC
overrides this, so that
- you must be cleared for confidential/secret/topsec information, which is done via MAC by the security administrator
- you must have a need to know this particular thing, set via DAC by the owner/manager of the data.
With the two layers of protection, it becomes very hard to
subvert one person or business process and get access to
data you sholdn't have.
to post comments)