| From: | "A(dot) Kretschmer" <andreas(dot)kretschmer(at)schollglas(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: security question |
| Date: | 2007-01-22 14:19:13 |
| Message-ID: | 20070122141913.GC3369@a-kretschmer.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
am Mon, dem 22.01.2007, um 16:10:15 +0200 mailte Sim Zacks folgendes:
> How good is postgresql security?
> For example, If I have data that I do not anyone to see, including the
> programmer/dba, is it enough to change the password to the only user?
> If they have access to the raw files is there a way for them to somehow see
> the data?
> can they copy the files to another postgresql instance where they have
> rights and view the data?
I think, anyone with read access to the database files can read the
information stored in this files.
This isn't a postgresql-problem, this is a general problem.
>
> Basically, we have a requirement to put sensitive personnel information
> into the database, including salary etc. and we don't want any employees,
> including the dba to have a possibility of accessing it.
Store the sensitive data encrypted, and use SSL or other encrypted
communication between server and client.
Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2007-01-22 14:22:03 | Re: security question |
| Previous Message | Ron Johnson | 2007-01-22 14:12:40 | Re: Installing Postegres side-by-side with M$ SQL server]] |