From: | L van der Walt <mailing(at)lani(dot)co(dot)za> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Securing Postgres |
Date: | 2005-10-05 14:37:38 |
Message-ID: | 4343E532.4020106@lani.co.za |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Berend Tober wrote:
> L van der Walt wrote:
>
>> I would like to secure Postgres completly.
>>
>> Some issues that I don't know you to fix:
>> 1. User postgres can use psql (...) to do anything.
>> 2. User root can su to postgres and thus do anything.
>> 3. Disable all tools like pg_dump
>>
>> How do I secure a database if I don't trust the administrators.
>> The administrator will not break the db but they may not view
>> any information in the databse.
>
>
> It may be just me and my silly old-fashion attitudes, but I kind of
> think that if your sys admin(s) cannot be trusted, you are pretty much
> screwed. And your hiring process needs fixing,
>
> But being that as it may, maintaining physical security, i.e., keeping
> the host server in a locked room with restricted and recorded access
> and that requires at least two persons present so that collusion is
> required for tampering, disabling remote root login, granting limited
> sys admin privileges with sudo (which records the sudoer activities,
> for auditing purposes) might be a way to accomplish what you are
> looking for.
>
>
>
Then, I might as well just leave the whole PostgreSQL DB and write my
own mini DB with encrypted XML files. I am sure someone must have an
answer for me.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-10-05 14:41:20 | Re: Cast to integer |
Previous Message | Richard Huxton | 2005-10-05 14:32:53 | Re: Securing Postgres |