Re: security question


On 01/22/07 09:55, Jan Muszynski wrote:
> On 22 Jan 2007 at 16:10, Sim Zacks wrote:
> 
>> How good is postgresql security? For example, if I have data
>> that I do not want anyone to see, including the programmer/dba, is
>> it enough to change the password to the only user? If they have
>> access to the raw files is there a way for them to somehow see
>> the data? Can they copy the files to another postgresql
>> instance where they have rights and view the data?
>> 
>> Basically, we have a requirement to put sensitive personnel
>> information into the database, including salary etc. and we
>> don't want any employees, including the dba to have a
>> possibility of accessing it.
> 
> You'll have to store the data encrypted. If you want to be
> ultrasecure you should encrypt/decrypt on the client side.
> 
> http://www.postgresql.org/docs/8.2/interactive/encryption-options.html
> 
> 
> You can encrypt/decrypt server side using functions from the
> contrib pgcrypto module, but if you choose to do it that way then
> the data is being transmitted in the clear between the client and
> the server (unless you're using SSL). Even if using SSL the data
> would be present on the server in unencrypted form both before it
> gets stored, and after it gets decrypted and is being sent back
> to the client. Any DBA etc would be able to intercept that data.
> Not only that but the DBA would be able to intercept the key
> being used to encrypt/decrypt the data (and thus be able to 
> decrypt the contents of the entire DB).

Root, I can understand, but why would the DBA be able to intercept
the key?

> The only way to absolutely prevent this from happening is to 
> encrypt/decrypt locally on the client side.

Unless you are also running DB apps on the host.

> This is not a PostgreSQL limitation, it would be true of any DB
> out there

Running under the standard Unix "root can do anything" security model.

Systems with (properly configured) highly-granular security models
would not let that happen.
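An added example, not part of the original thread: a small Python audit over server log lines that flags calls to pgcrypto's keyed functions and reports whether the key was written inline in the statement text, which is one place a key used for server-side encryption becomes readable on the host. The log lines, table name and key values are constructed for illustration, and backslash-escaped quotes are not handled.

```python
import re

# pgcrypto functions whose second argument is the key or passphrase.
CALL_RE = re.compile(r"\b(pgp_sym_encrypt|pgp_sym_decrypt|encrypt|decrypt)\s*\(", re.I)

def split_args(sql, start):
    """Split the top-level arguments of a call; `start` is just past its '('."""
    args, cur, depth, in_str, i = [], [], 0, False, start
    while i < len(sql):
        ch = sql[i]
        if in_str:
            cur.append(ch)
            if ch == "'":
                if sql[i + 1:i + 2] == "'":      # '' is an escaped quote
                    cur.append("'")
                    i += 1
                else:
                    in_str = False
        elif ch == "'":
            in_str = True
            cur.append(ch)
        elif ch == ")" and depth == 0:           # end of this call
            break
        elif ch == "," and depth == 0:           # argument separator
            args.append("".join(cur).strip())
            cur = []
        else:
            depth += (ch == "(") - (ch == ")")   # track nested parentheses
            cur.append(ch)
        i += 1
    args.append("".join(cur).strip())
    return args

def audit(log_lines):
    """Return (line_no, function, kind) per keyed call; the key is never echoed."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        for m in CALL_RE.finditer(line):
            args = split_args(line, m.end())
            if len(args) >= 2:
                inline = args[1].startswith("'") or args[1][:2].upper() == "E'"
                findings.append((n, m.group(1).lower(),
                                 "inline-literal" if inline else "parameter"))
    return findings

SAMPLE_LOG = [  # constructed log lines, as written with statement logging enabled
    "LOG:  statement: INSERT INTO payroll (emp_id, salary) VALUES (7, pgp_sym_encrypt('52000', 'hr-passphrase'));",
    "LOG:  statement: SELECT pgp_sym_decrypt(salary, 'it''s-a-key') FROM payroll WHERE emp_id = 7;",
    "LOG:  statement: INSERT INTO payroll (emp_id, salary) VALUES (8, decode('c30d0407', 'hex'));",
    "LOG:  execute <unnamed>: SELECT pgp_sym_decrypt(salary, $1) FROM payroll",
]
```

Line 3 of the sample stores ciphertext produced on the client, so no key reaches the server and nothing is flagged. A "parameter" finding means the key is absent from the statement text only; the server still receives it in order to decrypt.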

