Search Postgresql Archives

Re: security question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/22/07 08:22, Martijn van Oosterhout wrote:
> On Mon, Jan 22, 2007 at 04:10:15PM +0200, Sim Zacks wrote:
>> How good is postgresql security?
> 
> Good, within limits.
> 
>> For example, If I have data that I do not anyone to see, including the 
>> programmer/dba, is it enough to change the password to the only user?
>> If they have access to the raw files is there a way for them to somehow see 
>> the data?
>> can they copy the files to another postgresql instance where they have 
>> rights and view the data?
> 
> The answer depends heavily on what the "programmer/dba" can do.
> 
> Any superuser of the DB can see any data
> Any user that can access the raw files can see any data
> Any user that can poke into memory can see any data
> Any user that can access the backups can see any data there
> 
> So in theory, if you restrict the programmer appropriately you could do
> it, but you have to check they can still do their job.

Anyone tried running PG with restrictive SELinux policies?

>> Basically, we have a requirement to put sensitive personnel information 
>> into the database, including salary etc. and we don't want any employees, 
>> including the dba to have a possibility of accessing it.
> 
> Very tricky. Look around to see what other people have done. This
> question has come up before.
> 
> Have a nice day,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtMqdS9HxQb37XmcRAko0AKC5PGCCRbgAEWE0I2+on5qkiGPgkACgxEcB
JQcUuFK60xtLb0bkECciByY=
=jAMn
-----END PGP SIGNATURE-----


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux