Timothy Madden <terminatorul@xxxxxxxxx> wrote: > The machine does not have internet It would be very unusual for a machine never to be connected to a network which has Internet access, at least for periodic OS updates or to get new versions of the database or software. But OK, if you say they are never, ever connected to networks with Internet connections, I guess the bad guy would need to access the machine *twice* to get the password off of it and compromise the data. You still haven't suggested any reason that this would be more secure than an encrypted mount-point combined with aggressive idle-time lockup, though. > it will not be trivial for the bad guy to install anything there. Well, if you set up security properly, it wouldn't be trivial for a bad guy to copy the database off the machine under the pending login, if they got hold of it while it was running, unless someone left it running under the root login. Personally, I wouldn't give the password for that login to anyone who was going to be carrying the laptop into the field. > And my idea is exactly that the database is inaccessible, even if > the server starts. But the server needs to read certain data from the database directory in order to start. In particular, WAL files need to be read to get a clean start, and those can contain any data from the database table. Any or all tables may need to be accessed to get the database to a consistent point on startup. Plus there are all the system catalogs, including the ones needed to authenticate users. -Kevin -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
