Re: [HACKERS] Security question : Database access control

2002-10-25 Thread Igor Georgiev

> Next you're going to ask what will stop root from stopping your
> PostgreSQL, compiling a second copy with authentication disabled and
> using your data directory as its source :)

He he, somebody can blow up your home with C4, but this doesn't stop you from
locking your door !?!


---(end of broadcast)---
TIP 2: you can get off all lists at once with the unregister command
(send unregister YourEmailAddressHere to [EMAIL PROTECTED])



Re: [HACKERS] Security question : Database access control

2002-10-24 Thread Rod Taylor
On Tue, 2002-10-22 at 12:12, Igor Georgiev wrote:
> > > edit *pg_hba.conf*
> > > # Allow any user on the local system to connect to any
> > > # database under any username, but only via an IP connection:
> > > host all 127.0.0.1 255.255.255.255 trust
> > > # The same, over Unix-socket connections:
> > > local all trust
> > what about reading pg_hba.conf comments?
> > local all md5
>
> Ok, but my question actually isn't about pg_hba.conf comments, I read enough,
> but what will stop root from adding these lines or doing su - postgres ??

Next you're going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as its source :)

If you want to prevent root from accomplishing these things, you're
going to have to look to your kernel for help.  The kernel must prevent
root from changing users, starting / stopping applications, or touching
certain filesystems.


PostgreSQL will let you put a password on the data.  But that only works
if they actually try to use PostgreSQL to get at the data.

There are a couple of tools which were designed to recover database data
while the db is not running.

-- 
  Rod Taylor





Re: [HACKERS] Security question : Database access control

2002-10-22 Thread Igor Georgiev



 
> > edit *pg_hba.conf*
> > # Allow any user on the local system to connect to any
> > # database under any username, but only via an IP connection:
> > host all 127.0.0.1 255.255.255.255 trust
> > # The same, over Unix-socket connections:
> > local all trust
> what about reading pg_hba.conf comments?
> local all md5

Ok, but my question actually isn't about pg_hba.conf comments, I read enough,
but what will stop root from adding these lines or doing su - postgres ??
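
An added example, not part of the original post or of PostgreSQL: a small audit of pg_hba.conf records in the layout quoted above, flagging `trust` entries and malformed records. It assumes that layout (`local DB METHOD`, `host DB IP MASK METHOD`); the function names and sample input are constructed for illustration.

```python
# Added example: audit pg_hba.conf records in the layout quoted in this thread.
# Assumption: records are "local DB METHOD" or "host DB IP MASK METHOD",
# so the auth method is always the last field.

EXPECTED_FIELDS = {"local": 3, "host": 5}

# Constructed sample, modelled on the lines quoted in the thread.
SAMPLE = """\
# Allow any user on the local system to connect
host  all 127.0.0.1 255.255.255.255 trust
local all trust
local all md5
"""


def audit_hba(text):
    """Return (line_no, conn_type, method, finding) for every record."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        conn_type, method = fields[0], fields[-1]
        if conn_type not in EXPECTED_FIELDS:
            finding = "unrecognised record type"
        elif len(fields) != EXPECTED_FIELDS[conn_type]:
            finding = "malformed record"
        elif method == "trust":
            # Per the quoted comment: any local user, any database, any username.
            finding = "trust: no password required"
        else:
            finding = "ok"
        results.append((line_no, conn_type, method, finding))
    return results


def trust_lines(text):
    """Line numbers of well-formed records that authenticate with 'trust'."""
    return [n for n, _, _, finding in audit_hba(text)
            if finding.startswith("trust")]


if __name__ == "__main__":
    for record in audit_hba(SAMPLE):
        print(record)
```

The check only covers connections made through PostgreSQL; as the replies in this thread point out, root can still edit the file or read the data directory directly.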


Re: [HACKERS] Security question : Database access control

2002-10-22 Thread scott.marlowe
On Tue, 22 Oct 2002, Igor Georgiev wrote:

> > > edit *pg_hba.conf*
> > > # Allow any user on the local system to connect to any
> > > # database under any username, but only via an IP connection:
> > > host all 127.0.0.1 255.255.255.255 trust
> > > # The same, over Unix-socket connections:
> > > local all trust
> > what about reading pg_hba.conf comments?
> > local all md5
>
> Ok, but my question actually isn't about pg_hba.conf comments, I read enough,
> but what will stop root from adding these lines or doing su - postgres ??
 

Nothing, root is GOD in unix.  He can do whatever he wants.





Re: [HACKERS] Security question : Database access control

2002-10-22 Thread Igor Georgiev



> Next you're going to ask what will stop root from stopping your
> PostgreSQL, compiling a second copy with authentication disabled and
> using your data directory as its source :)

He he, I'm paranoid enough :))

> If you want to prevent root from accomplishing these things, you're
> going to have to look to your kernel for help. The kernel must prevent
> root from changing users, starting / stopping applications, or touching
> certain filesystems.
>
> PostgreSQL will let you put a password on the data. But that only works
> if they actually try to use PostgreSQL to get at the data.

"use PostgreSQL to get at the data" - Yeah, this will be enough.
I want just only REVOKE CONNECT PRIVILEGES on the database.