On 22 Jan 2007 at 16:10, Sim Zacks wrote: > How good is postgresql security? > For example, If I have data that I do not anyone to see, including the programmer/dba, is it enough > to change the password to the only user? > If they have access to the raw files is there a way for them to somehow see the data? > can they copy the files to another postgresql instance where they have rights and view the data? > > Basically, we have a requirement to put sensitive personnel information into the database, including > salary etc. and we don't want any employees, including the dba to have a possibility of accessing it. You'll have to store the data encrypted. If you want to be ultrasecure you should encrypt\decrypt on the client side. http://www.postgresql.org/docs/8.2/interactive/encryption-options.html You can encrypt/decrypt server side using fynctions from the contrib pgrypto module, but if you choose to do it that way then the data is being transmitted in the clear between the client and the server (unless you're using SSL). Even if using SSL the data would be present on the server in unencrypted form both before it gets stored, and after it gets decrypted and is being sent back to the client. Any DBA etc would be able to intercept that data. Not only that but the DBA would be able to intercept the key being used to encrypt/decrypt the data (and thus be able to decrypt the contents of the entire DB). The only way to absolutely prevent this from happening is to encrypt/decrypt locally on the client side. This is not a PostgreSQL limitation, it would be true of any DB out there. -jan
