Berend Tober wrote:
L van der Walt wrote:
I would like to secure Postgres completly.
Some issues that I don't know you to fix:
1. User postgres can use psql (...) to do anything.
2. User root can su to postgres and thus do anything.
3. Disable all tools like pg_dump
How do I secure a database if I don't trust the administrators.
The administrator will not break the db but they may not view
any information in the databse.
It may be just me and my silly old-fashion attitudes, but I kind of
think that if your sys admin(s) cannot be trusted, you are pretty much
screwed. And your hiring process needs fixing,
But being that as it may, maintaining physical security, i.e., keeping
the host server in a locked room with restricted and recorded access
and that requires at least two persons present so that collusion is
required for tampering, disabling remote root login, granting limited
sys admin privileges with sudo (which records the sudoer activities,
for auditing purposes) might be a way to accomplish what you are
looking for.
Then, I might as well just leave the whole PostgreSQL DB and write my
own mini DB with encrypted XML files. I am sure someone must have an
answer for me.
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
