-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/22/07 08:22, Martijn van Oosterhout wrote: > On Mon, Jan 22, 2007 at 04:10:15PM +0200, Sim Zacks wrote: >> How good is postgresql security? > > Good, within limits. > >> For example, If I have data that I do not anyone to see, including the >> programmer/dba, is it enough to change the password to the only user? >> If they have access to the raw files is there a way for them to somehow see >> the data? >> can they copy the files to another postgresql instance where they have >> rights and view the data? > > The answer depends heavily on what the "programmer/dba" can do. > > Any superuser of the DB can see any data > Any user that can access the raw files can see any data > Any user that can poke into memory can see any data > Any user that can access the backups can see any data there > > So in theory, if you restrict the programmer appropriately you could do > it, but you have to check they can still do their job. Anyone tried running PG with restrictive SELinux policies? >> Basically, we have a requirement to put sensitive personnel information >> into the database, including salary etc. and we don't want any employees, >> including the dba to have a possibility of accessing it. > > Very tricky. Look around to see what other people have done. This > question has come up before. > > Have a nice day, -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFtMqdS9HxQb37XmcRAko0AKC5PGCCRbgAEWE0I2+on5qkiGPgkACgxEcB JQcUuFK60xtLb0bkECciByY= =jAMn -----END PGP SIGNATURE-----
