
security


I would like to be able to assert that the security of data stored as a
value in a PostgreSQL table can be as high as the security of saving
that same piece of data to a file on disk.  Would that be correct?

I can set table permissions, and even use rules to enforce row level
access rights.  Of course, the PostgreSQL superuser can circumvent any
of these efforts, but that's no different than having root on the OS.

There are a number of reasons I'd like to think this, but just to pick a
concrete example.  Let's say I wanted to implement something analogous
to the unix shadow password file.  I have a table full of usernames and
digested passwords.  I set up a rule so that only the username
associated with a particular record has access to read or modify the
password digest for that record.  Unix file permissions restrict access
to the data on disk to the postgres user.

This actually seems *more* secure to me than the unix shadow password
file, because I can do row level permission checking.

Is there some reason I'm not thinking of that it would be crazy to
consider using PostgreSQL as a secure data store?  Of course I must
always fear my own incompetence, but that applies to any system, not
just PostgreSQL.

-- 
Ron Peterson
Network & Systems Manager
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso
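
The shadow-table setup described in the message, as an added example that is not part of the original post: a view filtered on `current_user` plus an update rule, with the base table closed to ordinary roles. The names `shadow`, `my_shadow`, `app_users`, `alice` and `bob` and the digest values are assumptions; it also assumes each username matches a database role and that the script is run by a superuser.

```sql
-- Added example: all object names, role names and values are constructed.
BEGIN;

CREATE TABLE shadow (
    username name PRIMARY KEY,   -- assumed to match a database role name
    digest   text NOT NULL       -- password digest, never the plaintext
);

-- Ordinary roles get no direct access to the base table.
REVOKE ALL ON shadow FROM PUBLIC;

-- Each role sees only the row whose username equals its own role name.
-- security_barrier (PostgreSQL 9.2+) stops functions in a caller's WHERE
-- clause from being evaluated on rows the view filters out.
CREATE VIEW my_shadow WITH (security_barrier) AS
    SELECT username, digest
      FROM shadow
     WHERE username = current_user;

-- Updates through the view can change only the caller's own digest.
-- The rule's action on shadow is checked with the rule owner's privileges.
CREATE RULE my_shadow_upd AS ON UPDATE TO my_shadow
    DO INSTEAD
    UPDATE shadow
       SET digest = NEW.digest
     WHERE username = OLD.username
       AND username = current_user;

CREATE ROLE app_users NOLOGIN;
GRANT SELECT, UPDATE ON my_shadow TO app_users;

-- Constructed sample data and two member roles.
CREATE ROLE alice IN ROLE app_users;
CREATE ROLE bob   IN ROLE app_users;
INSERT INTO shadow VALUES ('alice', 'digest-a'), ('bob', 'digest-b');

-- Check the policy from alice's side.
SET ROLE alice;
SELECT username, digest FROM my_shadow;                      -- filtered by the view
UPDATE my_shadow SET digest = 'x' WHERE username = 'bob';    -- bob's row is not visible to the rule
SELECT has_table_privilege('alice', 'shadow', 'SELECT');     -- direct base-table access
RESET ROLE;

SELECT username, digest FROM shadow ORDER BY username;       -- owner's view of the result
ROLLBACK;  -- leave no roles or tables behind
```

The check on `current_user` follows `SET ROLE`, so any role that can switch to another member's role inherits that member's row; the superuser and the table owner bypass the view entirely, as the message notes.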
