Re: Permissions

From: Andre Labuschagne <technical(at)eduadmin(dot)com>
To: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Cc: Alan Hodgson <ahodgson(at)lists(dot)simkin(dot)ca>, "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Re: Permissions
Date: 2016-10-05 11:51:29
Message-ID: 9AEA8500-8D44-4B7B-8E87-AE0D44013C1D@eduadmin.com
Lists: pgsql-novice


> On 5 Oct 2016, at 13:09, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>
> Please don't top-post on PostgreSQL mailing lists.
>
> Andre Labuschagne wrote:
>>>> The best databases on the planet do allow that - Mimer, Sybase and now I am finding Interbase as well.
>
>> Nothing to do with encryption. This is what the databases mentioned allow you to do. Set a user name
>> and password that only the owner of the database knows about. No super user can gain access to the
>> database no matter where or how it is shipped. It is that simple - the user name and password must
>> reside with the database and only that user's name and password can access that database no matter
>> where or how it is shipped. Mounting it onto another PG server must not make it accessible to the
>> super user on that server. That is what I am talking about. The three databases I mentioned work
>> exactly like that - I am sure there are others that do so as well. It is security 101.
>
> Well, if somebody who has access to the files cannot get the contents,
> that is by definition encryption, right? If the data files are not encrypted,
> anybody who can read them can get at the data.
>
>> If you can do that with PG I am all ears. I am really wanting to use PG but this single apparent
>> deficiency is stopping me in my tracks.
>
> Are you trying to find a working solution or just trying to tell us that
> PostgreSQL stinks because it lacks your favourite feature?
>
> For a seasoned old hand like you it should be a trifle to encrypt a backup
> with GnuPG and send it like that. That way nobody but the intended recipient
> can get at the data.
>
> Yours,
> Laurenz Albe

Hi Albe

Apologies for top-posting. I keep forgetting with these mailing lists.

I am seriously looking for a working solution with PG. This is not just my favourite feature. It is the only thing that actually provides any form of security. Anything else leaves a gaping hole at the weakest point - the so-called super user.

Just because PG does not have decent security does not mean it stinks for all situations. There are some where security is not required at all. For this project we are investigating, serious security such as I have described is not negotiable.

Encryption is meaningless if the super user can control the encrypting. What is required is the following: the super user grants a user the rights to create a database and all objects within the database. The super user simply grants the user that right. The super user has zero access to what that user creates unless that user explicitly grants the super user those rights. That is called security. That is what I am trying to achieve with PG. I was hoping that it is possible to do such a thing. That is what Mimer, Sybase and Interbase [and perhaps others I am yet to encounter] do as a matter of course. It is as necessary for the security of a database as wheels are to a car.

Cheers
Andre
