> Now, I think that "db authentication" is simply not enough , because > the administrator can copy the data files to his own machine (where he > is the owner of the database). Or just change pg_hba.conf to his taste.... > Is there a way to protect the data files, so even the "malicious > administrator" cannot see the data ? Encrypt it. And keep the key on some other machine. And plan your application so decryption happens on some other machine -- ---------------------------------------------------------------------- | Marcin Kasperski | Communication takes place between people, | http://mekk.waw.pl | documents are secondary. (Booch) | | ----------------------------------------------------------------------
