Re: pg_hba.conf alternative

From: Martijn van Oosterhout <kleptog(at)svana(dot)org>
To: Q Beukes <pgsql-dev(at)list(dot)za(dot)net>
Cc: Postgresql Dev <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pg_hba.conf alternative
Date: 2006-02-08 12:56:01
Message-ID: 20060208125601.GE1985@svana.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Feb 08, 2006 at 02:34:29PM +0200, Q Beukes wrote:
> Is there not some other alternative to pg_hba.conf?
>
> I have the problem where the system administrators at our company
> obviously have access to the whole filesystem, and our database records
> needs to be hidden even from them.
>
> With pg_hba.conf that is not possible, as they just change all the conf
> lines to "trust" auth and viola they have access to the database without
> passwords.

Or they just copy the whole database to another machine and access it
that way. Or copy your backups. Or hack the application accessing the
data (the application has the password in it, right?).

If can stop them doing those things you can stop them altering
pg_hba.conf too so your problem is solved.

> Is there a more secure alternative to this? The perfect scenario being
> to deny everyone include "root" access to a database without a password.

Well, you could change the source to remove struct auth, but then they'd
just compile their own version and overwrite the system one.

Yes, we're looking for alternatives for pg_hba.conf, but what you want
is to dam a river with sheets of paper.

Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Marcio 2006-02-08 12:57:45 Situation with delphi7 x postgresql 8.1.2
Previous Message Stephen Frost 2006-02-08 12:49:32 Re: sql row constructor...works!