On Mon, Jan 22, 2007 at 08:30:53AM -0600, Ron Johnson wrote: > > The answer depends heavily on what the "programmer/dba" can do. > > > > Any superuser of the DB can see any data > > Any user that can access the raw files can see any data > > Any user that can poke into memory can see any data > > Any user that can access the backups can see any data there > > > > So in theory, if you restrict the programmer appropriately you could do > > it, but you have to check they can still do their job. > > Anyone tried running PG with restrictive SELinux policies?
I beleive redhat does this by default, if you have SELinux enabled. Suitably restricted, it should mean the dba/programmer won't be able to get at the data except via the database. I don't know of anyone that's actually done this. Have a nice day, -- Martijn van Oosterhout <kleptog@svana.org> http://svana.org/kleptog/ > From each according to his ability. To each according to his ability to > litigate.
signature.asc
Description: Digital signature
