| From: | Bruno Wolff III <bruno(at)wolff(dot)to> |
|---|---|
| To: | Igor Georgiev <gory(at)alphasoft-bg(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Security question : Database access control |
| Date: | 2002-10-22 14:27:09 |
| Message-ID: | 20021022142709.GA29891@wolff.to |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin pgsql-hackers |
On Tue, Oct 22, 2002 at 17:05:38 +0200,
Igor Georgiev <gory(at)alphasoft-bg(dot)com> wrote:
> Is there any way to prevent superuser to acces the database ?
> I mean something like "GRANT / REVOKE CONNECT" MECHANISM
>
> I have no idea how to prevent root from access data in one of this ways :
> root @ linux:~#su - postgres
> postgres @ linux:/usr/local/pgsql/bin$pg_dump ....
> or
> edit pg_hba.conf
> # Allow any user on the local system to connect to any
> # database under any username, but only via an IP connection:
> host all 127.0.0.1 255.255.255.255 trust
> # The same, over Unix-socket connections:
> local all trust
> or my nightmare a cygwin on Win 98 everybody can can access everything :-((((
They can just read the raw database files as well. You have to be able to
trust whoever has root access to the system, as well as anyone who has
physical access to the system.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | JOE | 2002-10-22 14:37:07 | Help with error message |
| Previous Message | dima | 2002-10-22 14:15:29 | Re: Security question : Database access control |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Sullivan | 2002-10-22 14:29:12 | Re: [HACKERS] Hot Backup |
| Previous Message | dima | 2002-10-22 14:15:29 | Re: Security question : Database access control |