Q Beukes wrote:
Hello,
Is there not some other alternative to pg_hba.conf?
I have the problem where the system administrators at our company
obviously have access to the whole filesystem, and our database records
needs to be hidden even from them.
With pg_hba.conf that is not possible, as they just change all the conf
lines to "trust" auth and viola they have access to the database without
passwords.
Is there a more secure alternative to this? The perfect scenario being
to deny everyone include "root" access to a database without a password.
This is an illusion, as plenty of security experts will tell you.
Password auth is a losing game for high security in the first place. So
this comment shows that you haven't thought this out properly.
If you want the data hidden from system administrators, you need to have
the client encrypt it before storing it. Of course, that will have
massive implications for your application.
There are no simple solutions. See here for why:
http://www.acm.org/classics/sep95/
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match
