Re: pg_hba.conf alternative

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: korry <korry(at)starband(dot)net>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: pg_hba.conf alternative
Date: 2006-02-09 17:27:18
Message-ID: 43EB7B76.9000004@dunslane.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

korry wrote:

>>Since what he is worried about is the ability of admins to get at the
>>data by connecting to the postgres server (after changing pg_hba.conf),
>>this will not make the slightest difference - the data would be
>>decrypted before it ever got to the intruder.
>>
>>
>
>I was suggesting that pg_hba.conf could be stored in the same encrypting
>filesystem.
>
>
>
>

Then how can it be changed? What if you need to allow access from, say,
another user or another network? Oh, the admins have to change it ...

In the end you have to trust your admins or fire them and hire some you
do trust.

cheers

andrew

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2006-02-09 17:28:45 Re: User Defined Types in Java
Previous Message Martijn van Oosterhout 2006-02-09 17:18:37 Re: User Defined Types in Java