From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
---|---|
To: | Sim Zacks <sim(at)compulab(dot)co(dot)il> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: security question |
Date: | 2007-01-22 14:22:03 |
Message-ID: | 20070122142203.GA29762@svana.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Mon, Jan 22, 2007 at 04:10:15PM +0200, Sim Zacks wrote:
> How good is postgresql security?
Good, within limits.
> For example, If I have data that I do not anyone to see, including the
> programmer/dba, is it enough to change the password to the only user?
> If they have access to the raw files is there a way for them to somehow see
> the data?
> can they copy the files to another postgresql instance where they have
> rights and view the data?
The answer depends heavily on what the "programmer/dba" can do.
Any superuser of the DB can see any data
Any user that can access the raw files can see any data
Any user that can poke into memory can see any data
Any user that can access the backups can see any data there
So in theory, if you restrict the programmer appropriately you could do
it, but you have to check they can still do their job.
> Basically, we have a requirement to put sensitive personnel information
> into the database, including salary etc. and we don't want any employees,
> including the dba to have a possibility of accessing it.
Very tricky. Look around to see what other people have done. This
question has come up before.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
From | Date | Subject | |
---|---|---|---|
Next Message | Ron Johnson | 2007-01-22 14:30:53 | Re: security question |
Previous Message | A. Kretschmer | 2007-01-22 14:19:13 | Re: security question |