Re: Hiding data in postgresql

On Mon, May 24, 2010 at 2:16 PM, Hector Beyers <hqbeyers(at)gmail(dot)com>
wrote:
>
> Hi guys,
> does ANYONE have any tips on hiding data on a database server? This
means
> that data is stored in places that is not necessarily picked up in the
> schema of the database. I am doing some research on databases and need
some
> direction.
> Any help or direction will be highly appreciated.

Like everyone else who has responded I am unsure exactly what you mean
but it might be that you want to implement something like a virtual
private database.

The basic idea is that every user connects to the same database but gets
to see different subsets of data depending on what rights they have.

You implement this using views. No-one gets access to the underlying
tables, instead having access to a secured view. The secured view on
table x looks like this:

create view x as select * from real.x
where i_can_see(x.key);

The function i_can_see() determines whether you can see a particular
row. Naturally access function, i_can_see(), needs to know who a
particular user is and what rights they have. This involves some
careful session management, particularly in today's web-centric
applications.

If you are interested in this technique, then my project, veil:
http://veil.projects.postgresql.org/ , provides tools for building
virtual private databases in Postgres.

Be warned though, this is a difficult thing to do, may have unacceptable
overhead, and may still leave channels open for data compromise.

__
Marc