Friday, March 30, 2007

Security-Enhanced PostgreSQL

Recently, I came across a posting announcing the release of an SELinux-enhanced version of PostgreSQL. SE-PostgreSQL makes use of the labeling and Mandatory Access Control (MAC) features that SELinux provides. This is a tremendous addition to enterprise security, particularly in the government and financial fields.

What SE-PostgreSQL provides is a mechanism for controlling access to information in a database in a very fine-grained manner. The example provided in the announcement demonstrates this using a table containing beverage information. In this example, the table contains several columns related to different types of beverages (name, price, type of beverage, quantity on hand, etc.). The table is then altered to require an SELinux security context to access specific parts of this data. For example, one security context is required to access the table at all. An additional, higher-security context is required to access rows where the beverage is not a soft drink. If you look at the output provided in the sample queries, you will see that these rules are applied based on the user's security context. The amount of customization doesn't end there, however. You can apply access control based on rows, columns, tables, databases, etc. While this level of customization may be intimidating to smaller enterprises, larger enterprises will welcome the flexibility it gives them.
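To make the row-level behavior concrete, here is an added Python model (not code from the announcement or from SE-PostgreSQL) of a query returning only the rows whose label the caller's security context dominates. The context strings, the `s0`/`s1` levels, the sample rows and the function names are all assumptions, and only the MLS level field is evaluated; SELinux type enforcement is not modeled.

```python
# Simplified model of row-level MAC filtering; not SE-PostgreSQL's implementation.
from dataclasses import dataclass


@dataclass(frozen=True)
class Level:
    sensitivity: int        # s0 < s1 < s2 ...
    categories: frozenset   # e.g. frozenset({"c0"})

    def dominates(self, other):
        # "No read up": the reader needs an equal or higher sensitivity
        # and every category carried by the object.
        return (self.sensitivity >= other.sensitivity
                and self.categories >= other.categories)


def parse_context(context):
    """Parse the level field of 'user:role:type:sN[:cA,cB]' (no cA.cB ranges)."""
    _user, _role, _type, level = context.split(":", 3)
    sens, _, cats = level.partition(":")
    if not (sens.startswith("s") and sens[1:].isdigit()):
        raise ValueError(f"bad sensitivity in {context!r}")
    return Level(int(sens[1:]), frozenset(c for c in cats.split(",") if c))


# Constructed sample rows; the labels are assumptions, not the announcement's.
DRINKS = [
    {"name": "water", "soft_drink": True,  "label": "system_u:object_r:sepgsql_table_t:s0"},
    {"name": "cola",  "soft_drink": True,  "label": "system_u:object_r:sepgsql_table_t:s0"},
    {"name": "beer",  "soft_drink": False, "label": "system_u:object_r:sepgsql_table_t:s1"},
    {"name": "wine",  "soft_drink": False, "label": "system_u:object_r:sepgsql_table_t:s1:c0"},
]


def select_visible(rows, subject_context):
    """Return the names of rows whose label the subject's level dominates."""
    subject = parse_context(subject_context)
    visible = []
    for row in rows:
        try:
            label = parse_context(row["label"])
        except ValueError:
            continue  # fail closed: a row with an unparseable label is hidden
        if subject.dominates(label):
            visible.append(row["name"])
    return visible


if __name__ == "__main__":
    for ctx in ("user_u:user_r:user_t:s0", "staff_u:staff_r:staff_t:s1:c0"):
        print(ctx, "->", select_visible(DRINKS, ctx))
```

In this model a lower-level caller simply sees fewer rows, and a row whose label cannot be parsed is hidden from everyone.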

This type of capability has huge ramifications for the use of PostgreSQL, Linux, and open source in general within the government and financial sectors. Data of different government classification levels can now reside in the same database. A unified database can be used in financial institutions with assurance that the information cannot be modified by unprivileged or unauthorized users.

My small amount of SQL experience has largely revolved around open-source databases, such as MySQL and PostgreSQL. My day job does not require much SQL work, so as a result I only play around with it in my free time. While MySQL seems to be the most widely used, my personal preference is for PostgreSQL. True, it lacks some of the features MySQL has, such as clustering. However, it more than makes up for it in other ways, such as its strict transaction handling abilities. I've always felt PostgreSQL's security architecture was superior as well, with its ability to use external authentication sources (Kerberos, LDAP, etc.) for users. The addition of SELinux support to this mix has put PostgreSQL in a class unmatched by any other open-source database (and many closed-source ones as well).
