| From: | Tino Wildenhain <tino(at)wildenhain(dot)de> |
|---|---|
| To: | Q Beukes <pgsql-dev(at)list(dot)za(dot)net> |
| Cc: | Postgresql Dev <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba.conf alternative |
| Date: | 2006-02-08 15:09:00 |
| Message-ID: | 43EA098C.3010303@wildenhain.de |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Q Beukes schrieb:
> Well,
>
> I am not looking for 100% security. I know that full access if full access,
> and that even if you were to encrypt the system through Postgre the
> determined
> person WILL always be able to get it out if they have system level access.
>
> All I wanted to do was to prevent the basic SQL/Linux literate user from
> accessing
> the databases. At the moment it is very easy for them to access the data.
>
> I trust that they wont go as far as overwriting the system with custom
> compiled
> version, or copying the data and so forth. It just that we would feel
> much better
> if we knew the data wasn't as open as it is now, with a simple pg
> restart it is all
> open?
>
> Can this only be done by maybe modifying the source to make pg_hba
> fields statically
> compiled into the executable?
>
Instead, you might want to read about SELinux.
You can protect files even to root (unless they
reboot ;) but really you should have only trusted
people have admin accounts. How comes you have
somebody untrusted as admin?
Regards
Tino
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2006-02-08 15:15:33 | Re: sql row constructor...works! |
| Previous Message | Andrew Dunstan | 2006-02-08 15:08:06 | Re: pg_hba.conf alternative |