Q Beukes wrote:
Well,
I am not looking for 100% security. I know that full access if full access,
and that even if you were to encrypt the system through Postgre the
determined
person WILL always be able to get it out if they have system level access.
All I wanted to do was to prevent the basic SQL/Linux literate user from
accessing
the databases. At the moment it is very easy for them to access the data.
mechanism is there for a reason:
I trust that they wont go as far as overwriting the system with custom
compiled
version, or copying the data and so forth. It just that we would feel
much better
if we knew the data wasn't as open as it is now, with a simple pg
restart it is all
open?
Can this only be done by maybe modifying the source to make pg_hba
fields statically
compiled into the executable?
Of course it would be possible to hardcode the values - it's a SMOC. But
nobody round here is likely to do the work reuired, since nobody
believes it's worth doing, I believe.
This mechanism you object to is there for a reason: if you lock yourself
out of the database you can recover from the error. The solution you are
proposing is therefore a huge footgun.
And your user with basic linux/sql knowledge would still be able to see
data fly by, for example, logging statements, or watching network
traffic. How hard is it to run ethereal, after all, or tail a log file?
There is even a module for ethereal that understands the postgres wire
protocol. You aren't asking for security - you are asking for the
illusion of security, which many would argue is worse than no security
at all.
cheers
andrew
---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
