On Wed, Aug 15, 2018 at 09:05:51AM -0700, Evan Rempel wrote: > At the end of the day someone has full access and control and can do anything without auditing database statements. > > For instance, as the root user on the server, I can do: > > - shutdown the server database > - copy the entire DB filespace to my workstation > - change the workstation config for no logging/auditing > - start the workstation Database > - make all the changes I want at the workstation. > - stop the workstation database > - copy all of the files back to the server > - start the server Database. > > no logging of any kind and all of the data would be suspect. Well, that is an intersting attack, and I don't think it requires root --- all it requires is access to the Postgres data directory. Frankly, I don't know if there is a way to prevent the Postgres superuser from silently disabling logging because the _data_ is fully under the control of the Postgres superuser. -- Bruce Momjian <bruce@xxxxxxxxxx> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Ancient Roman grave inscription +
