Search Postgresql Archives

Re: Local authentication/security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Lange Marcus wrote:
Hi,

I guess the answer to the 2 questions would be, yes the user will
probably have physical access to the machine, but will not have
superuser access. The OS is, atleast for now, windows.

I have been looking and searching manuals and so on for different
methods but I still haven´t figured out how or if it is possible. To
be more specific about what I really want: I have an application that
will insert some data into a database and while this data is in the
database I dont want it to be possible to copy it or in any other way
get access to it, except through that application that inserted it.
It woule be acceptable if, and maybe even preferbly when the program
exit, that the database are deleted (so that it is only stored in
memory while using it). But if there is a way to build up a database
that is protected when stored on disc that would also be acceptable.

If the user has physical access to the machine then there's nothing you can do to stop someone who is (a) determined and (b) knowledgeable.

If you want to stop casual access though:
1. Make sure PostgreSQL + its files aren't accessible to normal users.
2. Make sure application will only run as user X
3. Set up a pgpass.conf file only accessible by user X
4. Lock down BIOS etc. to prevent someone booting from a CD-ROM or USB stick.

http://www.postgresql.org/docs/8.2/static/libpq-pgpass.html

That should cope with someone who doesn't know what they're doing. If you're worried about them removing the hard-disk then you'll need to set up an encrypted filesystem and figure out a way to get a password entered on reboot.

--
  Richard Huxton
  Archonet Ltd

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

              http://archives.postgresql.org/

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux