Improving Audit and Accountability in Firebird [CORE5786] #6049

Open
firebird-automations opened this issue Apr 5, 2018 · 3 comments

@firebird-automations

Submitted by: Tony Whyman (twhyman)

Votes: 1

Audit and Accountability are important for some users where there is a need to monitor access and/or modification of data. It is understood that the current Firebird implementation does allow the creation of triggers that can monitor and record various events in a user database or even a security database. However, there are many security related events that cannot be logged using triggers and which may, nevertheless, be important to some users.

These events include:

- Failed Login attempts
- Database Creation and Deletion
- Database Encryption/Decryption
- Operations performed through the Services API
- Creation/Deletion of metadata objects
- Activation/Deactivation of metadata objects where applicable

It is proposed that Firebird should be enhanced such that a logging mechanism is provided to permit such events to be logged and that the use of such a logging mechanism should be configurable on a global or per database basis.

@firebird-automations

Commented by: @hvlad

Audit and Trace services allow logging of every item in the list above.
And the Audit feature is specially designed for such needs.
There are some issues with logging of failed login attempts (due to changes in authentication in fb3), though.

DDL triggers allow logging of most list items, I believe, namely:
- Database Encryption/Decryption
- Creation/Deletion of metadata objects
- Activation/Deactivation of metadata objects where applicable.

@firebird-automations

Commented by: Sean Leyne (seanleyne)

Vlad,

How can triggers on metadata be created? User triggers on system tables (where the metadata is stored) are not allowed.

@firebird-automations

Commented by: @hvlad

Sean,

I am speaking about DDL triggers, already implemented in Firebird 3

https://www.firebirdsql.org/file/documentation/release_notes/html/en/3_0/rnfb30-psql-ddltriggers.html
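
An added illustration of the DDL-trigger approach mentioned in the last comment; it is not part of the original thread and not Firebird project code. It assumes Firebird 3 and an isql session run by the database owner, and the names `ddl_audit`, `ddl_audit_seq` and `trg_ddl_audit` are hypothetical.

```sql
-- Added example: audit metadata changes with a Firebird 3 DDL trigger.
-- Object names (ddl_audit, ddl_audit_seq, trg_ddl_audit) are hypothetical.

CREATE SEQUENCE ddl_audit_seq;

CREATE TABLE ddl_audit (
  id          BIGINT NOT NULL PRIMARY KEY,
  logged_at   TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL,
  db_user     VARCHAR(63) NOT NULL,     -- who issued the statement
  client_addr VARCHAR(255),             -- NULL for embedded/local attachments
  event_type  VARCHAR(25),              -- CREATE, ALTER or DROP
  object_type VARCHAR(63),              -- TABLE, TRIGGER, PROCEDURE, ...
  ddl_event   VARCHAR(63),              -- e.g. ALTER TRIGGER
  object_name VARCHAR(63),
  sql_text    BLOB SUB_TYPE TEXT        -- statement text as seen by the engine
);

COMMIT;

SET TERM ^ ;

-- AFTER ANY DDL STATEMENT fires once the system tables have been changed.
-- The INSERT runs in the same transaction as the DDL statement, so a
-- rolled-back statement leaves no audit row.
CREATE TRIGGER trg_ddl_audit
  ACTIVE AFTER ANY DDL STATEMENT
AS
BEGIN
  INSERT INTO ddl_audit
    (id, db_user, client_addr,
     event_type, object_type, ddl_event, object_name, sql_text)
  VALUES
    (NEXT VALUE FOR ddl_audit_seq, CURRENT_USER,
     RDB$GET_CONTEXT('SYSTEM', 'CLIENT_ADDRESS'),
     RDB$GET_CONTEXT('DDL_TRIGGER', 'EVENT_TYPE'),
     RDB$GET_CONTEXT('DDL_TRIGGER', 'OBJECT_TYPE'),
     RDB$GET_CONTEXT('DDL_TRIGGER', 'DDL_EVENT'),
     RDB$GET_CONTEXT('DDL_TRIGGER', 'OBJECT_NAME'),
     RDB$GET_CONTEXT('DDL_TRIGGER', 'SQL_TEXT'));
END^

SET TERM ; ^

-- Review the most recent metadata changes, newest first.
SELECT FIRST 20 logged_at, db_user, client_addr, ddl_event, object_name
FROM ddl_audit
ORDER BY id DESC;
```

A trigger of this kind only sees DDL executed inside the database it is defined in; failed logins and Services API operations, also listed in the request, happen outside that scope.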
