| From: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
|---|---|
| To: | MURAT KOÇ <m(dot)koc21(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Changing Passwords as Encrypted not Clear-Text |
| Date: | 2011-12-19 15:45:28 |
| Message-ID: | 1324309528.29079.23.camel@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 2011-12-19 at 17:19 +0200, MURAT KOÇ wrote:
> Thanks for reply. But it's not suitable to trust the people who have
> access to the logs.
>
> Think, I changed my DB password and other DBA colleague who has access
> to the PostgreSQL logs has seen my DB password. He started to use my
> DB password instead of his password.
>
> He executed all DDL and DML statements with my DB account. In fact, I
> did nothing but because of this gap I did all things.
>
> Is it a trustable situation ? How will we identify who is guilty he or
> me?
>
Do they have access to the pg_hba.conf file? because if they have, you
have no chance to stop them from connecting to the database with your
user account and without any need to know your password.
--
Guillaume
http://blog.guillaume.lelarge.info
http://www.dalibo.com
PostgreSQL Sessions #3: http://www.postgresql-sessions.org
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2011-12-19 15:45:50 | Re: Changing Passwords as Encrypted not Clear-Text |
| Previous Message | Alban Hertroys | 2011-12-19 15:32:34 | Re: Changing Passwords as Encrypted not Clear-Text |