| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | L van der Walt <mailing(at)lani(dot)co(dot)za> |
| Cc: | Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Securing Postgres |
| Date: | 2005-10-05 15:22:51 |
| Message-ID: | 18932.1128525771@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
L van der Walt <mailing(at)lani(dot)co(dot)za> writes:
> The big problem is that the administrators works for the client and not
> for me. I don't want the client to reverse engineer my database.
> There might be other applications on the server so the administrators do
> require root access.
> About the raw database files, I can use encryption to protect the data.
If you think encryption will protect you against someone with root
privileges, you're sadly mistaken. They could, for example, attach
to your process with a debugger and examine the decrypted data appearing
within its memory space. Or just capture the decryption key that way,
and then study the files at their leisure.
All the same points hold for SQL Server of course --- the fact that you
weren't aware of these risks doesn't mean they don't exist.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | John D. Burger | 2005-10-05 15:23:20 | Re: optimizing common subqueries |
| Previous Message | Martijn van Oosterhout | 2005-10-05 15:19:17 | Re: Securing Postgres |