| From: | L van der Walt <mailing(at)lani(dot)co(dot)za> |
|---|---|
| To: | Richard Huxton <dev(at)archonet(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Securing Postgres |
| Date: | 2005-10-05 15:27:22 |
| Message-ID: | 4343F0DA.8050707@lani.co.za |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Richard Huxton wrote:
> L van der Walt wrote:
>
>> The big problem is that the administrators works for the client and
>> not for me. I don't want the client to reverse engineer my database.
>> There might be other applications on the server so the administrators
>> do require root access.
>>
>> About the raw database files, I can use encryption to protect the data.
>
>
> Well, if it's your client's machine, then they any competent
> administrator will be able to work around anything you do. They set
> the ground-rules you work in - you could be running inside a virtual
> machine and never know.
>
> If your database design is so advanced that you can't chance it
> falling into the hands of others then you'll need to keep a separate
> machine and lock it down yourself.
>
> Are your clients really so dishonest that they'd break into the
> database and take the necessary steps to hide their tracks too?
>
> --
> Richard Huxton
> Archonet Ltd
>
>
No I can not trust the clients administrators.
I have played now with MySQL and with MySQL you can change the password
for root in MySQL (same as postgres in PostgreSQL). If you use the
command line tools like dump you require the password. Just because
your root doesn't mean your root in MySQL
Can one separate the user postgres in PostgreSQL from the user postgres
in Linux(The OS)?
| From | Date | Subject | |
|---|---|---|---|
| Next Message | codeWarrior | 2005-10-05 15:30:49 | Re: query execution |
| Previous Message | John D. Burger | 2005-10-05 15:23:20 | Re: optimizing common subqueries |