Re: Securing Postgres

From: Richard Huxton <dev(at)archonet(dot)com>
To: L van der Walt <mailing(at)lani(dot)co(dot)za>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Securing Postgres
Date: 2005-10-05 15:51:24
Message-ID: 4343F67C.4030104@archonet.com
Lists: pgsql-general

L van der Walt wrote:
> Richard Huxton wrote:
>
>> L van der Walt wrote:
>>
>>> The big problem is that the administrators work for the client and
>>> not for me. I don't want the client to reverse engineer my database.
>>> There might be other applications on the server so the administrators
>>> do require root access.

>> Well, if it's your client's machine, then any competent
>> administrator will be able to work around anything you do. They set
>> the ground-rules you work in - you could be running inside a virtual
>> machine and never know.

>> Are your clients really so dishonest that they'd break into the
>> database and take the necessary steps to hide their tracks too?

> No, I cannot trust the client's administrators.

Then you really need to have your own machine.

> I have now played with MySQL, and with MySQL you can change the password
> for root in MySQL (same as postgres in PostgreSQL). If you use the
> command line tools like dump you require the password. Just because
> you're root doesn't mean you're root in MySQL.

Oh, you can stop playing. But you won't stop a determined administrator
for more than about 5 minutes with just a password.

> Can one separate the user postgres in PostgreSQL from the user postgres
> in Linux (the OS)?

Naturally - just set your pg_hba.conf to use passwords rather than
ident. See the manuals for details.

--
Richard Huxton
Archonet Ltd
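
Added example, not part of the original message: a Python check that parses pg_hba.conf text and reports which method the first matching `local` rule applies to a role, plus every rule that admits a client without a database password. The sample file is constructed, and matching is simplified (the database column and `+group` / `@file` user entries are ignored).

```python
import ipaddress
import shlex
from collections import namedtuple

Rule = namedtuple("Rule", "lineno type database user address method")
NO_DB_PASSWORD = {"ident", "peer", "trust"}  # methods that never ask for a database password

# Constructed sample, not taken from the thread (line 1 is the header comment).
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS              METHOD
local   all       postgres                       ident sameuser
local   all       all                            md5
host    all       all       127.0.0.1/32         md5
host    all       all       10.0.0.0 255.0.0.0   trust
"""

def parse_hba(text):
    """Parse pg_hba.conf text into Rule tuples, skipping comments and blank lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        f = shlex.split(raw, comments=True)
        if not f:
            continue
        if f[0] == "local":            # local rules have no address column
            address, rest = None, f[3:]
        else:
            try:                       # bare IP means the next field is a netmask
                ipaddress.ip_address(f[3])
                width = 2
            except ValueError:         # CIDR, hostname or keyword: one field
                width = 1
            address, rest = " ".join(f[3:3 + width]), f[3 + width:]
        rules.append(Rule(lineno, f[0], f[1], f[2], address, rest[0]))
    return rules

def local_method_for(text, role):
    """Method of the first 'local' rule whose user column matches role (first match wins)."""
    for r in parse_hba(text):
        if r.type == "local" and (r.user == "all" or role in r.user.split(",")):
            return r.method
    return None  # no matching rule: the connection is rejected

def rules_without_password(text):
    """Rules that let a client in on OS identity or address alone."""
    return [r for r in parse_hba(text) if r.method in NO_DB_PASSWORD]

if __name__ == "__main__":
    print("postgres over the local socket:", local_method_for(SAMPLE_HBA, "postgres"))
    for r in rules_without_password(SAMPLE_HBA):
        print(f"line {r.lineno}: {r.type} {r.user} -> {r.method}")
```

Root on the host can still rewrite the file, which is the limit the reply above points out.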
