| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | L van der Walt <mailing(at)lani(dot)co(dot)za> |
| Cc: | Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Securing Postgres |
| Date: | 2005-10-05 16:37:05 |
| Message-ID: | 20051005163700.GF12206@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wed, Oct 05, 2005 at 05:27:22PM +0200, L van der Walt wrote:
> I have played now with MySQL and with MySQL you can change the password
> for root in MySQL (same as postgres in PostgreSQL). If you use the
> command line tools like dump you require the password. Just because
> your root doesn't mean your root in MySQL
If you think that protects your data, I have a bridge to sell you. All
I would need to do would be to download the MySQL source, delete the
password check, compile and I can see all the data.
> Can one separate the user postgres in PostgreSQL from the user postgres
> in Linux(The OS)?
Sure, delete the entries from pg_hba.conf. Like so:
root(at)vali:~# su - postgres
postgres(at)vali:~$ psql test
psql: FATAL: no pg_hba.conf entry for host "[local]", user "postgres", database "test", SSL off
See, can't get in. Ofcourse, your "rogue" administrators would simply
add themselves to the config file and they're in. They're root you
see...
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Welty, Richard | 2005-10-05 16:38:00 | Re: Securing Postgres |
| Previous Message | Scott Marlowe | 2005-10-05 16:24:25 | Re: Securing Postgres |