Qingqing Zhou wrote: >Basically I wonder if I can have a superuer that he has every priviliges as >he does now (create language, rotate log files, create checkpoint and >everything superuser can do) but one thing I want to make sure is that he >could not see any user data for security reason (just think my database is >filled with very important UFO data ;-)). In another word, I need a >superuser be able to maintain database but he know nothing about what in the >database. Is there a solution for this in PG? When I ran into this, it was a credit card field for order data and we needed to make sure our admin could not run off with the credit card list. We ended up AES encrypting the cc data before stuffing it into the database and then stored the last 4 digits in another field for display purposes. We could still do CC searches (since the same credit card number always has the same AES encryption). This made security much easier as we now just needed to limit access to the keys themselves and could issue developer keys for the developers running the local version of the application.
