Jim,
Yes, you are right. Generally the security control here is encryption of data at rest (TDE), but PostgreSQL doesn't support it, to my knowledge. I know about that vulnerability, but here I posed the question on different one. I agree it is smaller one, compare to the absence of TDE, but I would like to find out if this gates are opened too or not.
Thanks,
Oleg
On Tue, Dec 22, 2015 at 8:48 PM, Jim Nasby <Jim.Nasby@xxxxxxxxxxxxxx> wrote:
On 12/22/15 6:03 PM, oleg yusim wrote:
Absolutely. But we are not talking about that type of data leakage here.
We are talking about potential situation when user, who doesn't have
access to database, but has (or gained) access to the Linux box DB is
installed one and gets his hands on data, database processes stored in
memory (memory would be a common resource here).
Of far larger concern at that point is unauthorized access to the database files.
Basically, if someone gains access to the OS user that Postgres is running as, or to root, it's game-over.
--
Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
Experts in Analytics, Data Architecture and PostgreSQL
Data in Trouble? Get it in Treble! http://BlueTreble.com
