> I'm in charge of implementing *the* company database. This
> database(pgsql) stores information that the whole company is meant to
> see and will eventually store private information like social security
> numbers, and pay rates.

nice choice of database :)

> problem 1
> The server that the database and scripts are stored on is being used
> for other purposes and many employees at the company will have shell
> access to the server. So I need to protect my script with the database
> username and password in it from other users. I know the easy way to do
> this is to set the permissions on my files to 660 and set the group to
> all the files as apache. And then add all my developers to the apache
> group.
> However that solution bugs me. So I thought I would ask what other
> people did. I'm thinking that rather than use the apache group I will
> use another group for my developers and then just give apache read
> access with acls, but I have never used acls before so I'm not sure if
> that is a good solution.

this is a decent solution. as long as you have file/dir perms and user/groups set up you should not have any issues. you could probably add some additional security with selinux features or implementing additional security measures by hardening the os. user/group acls have been around for years and have provided great security. i would suggest reading more information on your OS acl features and acl features of the filesystem that you have implemented.

> problem 2
> I have data in the database that everyone needs access to and other
> data that needs to be restricted. So I have names, phone numbers and
> social security numbers. I may want to give certain pgsql accounts and
> scripts access to a person's name and phone number but not that person's
> social security number. Should I create a separate table with a one to
> one relation to store the private information? Then I can set
> privileges on each table, or is there a better way to do this?

like mentioned earlier, you could obfuscate the ssn values with some sort of hash or encryption. that should not be too hard to do. if you use some salt then you would want to make sure that people don't have access to that for additional security.

check out the role feature in pgsql and double check that you are setting up the accounts, tables and database properly. I personally have used pgsql and views to create the additional security layer on top of the table layer; passing user information into the view and pgsql stored queries. this allows me to have the following:

1. role based security on the connection, database, schema, tables
2. application user based security on the query, view and pl/pgsql

Hope that helps out.

-- 
ray
_______________________________________________
UPHPU mailing list
[email protected]
http://uphpu.org/mailman/listinfo/uphpu
IRC: #uphpu on irc.freenode.net
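
The two layers discussed in this thread (a one-to-one table for the private columns with per-table privileges, plus a view that filters on the application user) can be sketched as follows. This is an added example, not code from the thread: every role, table, column and setting name is hypothetical, the rows are constructed, and it assumes PostgreSQL 9.6 or later for the two-argument `current_setting`.

```sql
-- Added illustration; all names and rows are constructed.
-- Runs in one transaction and rolls back, so it leaves nothing behind.
BEGIN;

CREATE ROLE directory_app LOGIN;  -- scripts that only show names and phone numbers
CREATE ROLE payroll_app   LOGIN;  -- scripts allowed to touch SSNs and pay rates

CREATE TABLE employee (
    employee_id serial PRIMARY KEY,
    full_name   text NOT NULL,
    phone       text,
    login_name  text UNIQUE       -- application user, matched by the view below
);

-- One-to-one table holding only the restricted columns.
CREATE TABLE employee_private (
    employee_id integer PRIMARY KEY REFERENCES employee ON DELETE CASCADE,
    ssn         text NOT NULL,
    pay_rate    numeric(10,2) NOT NULL
);

-- Layer 1: role based privileges on the tables.
REVOKE ALL ON employee, employee_private FROM PUBLIC;
GRANT SELECT ON employee TO directory_app, payroll_app;
GRANT SELECT, INSERT, UPDATE ON employee_private TO payroll_app;

-- Layer 2: a view that receives the application user through a session
-- setting. It runs with its owner's rights, so directory_app can read its
-- own pay row without any privilege on employee_private, and never the SSN.
CREATE VIEW my_pay AS
SELECT e.full_name, p.pay_rate
FROM employee e
JOIN employee_private p USING (employee_id)
WHERE e.login_name = current_setting('app.login_name', true);
GRANT SELECT ON my_pay TO directory_app;

INSERT INTO employee (full_name, phone, login_name) VALUES
    ('Alice Example', '555-0100', 'alice'),
    ('Bob Example',   '555-0101', 'bob');
INSERT INTO employee_private VALUES (1, '000-00-0001', 31.50), (2, '000-00-0002', 28.00);

-- Check what the directory role is actually allowed to do.
SELECT has_table_privilege('directory_app', 'employee_private', 'SELECT') AS reads_private,
       has_table_privilege('directory_app', 'my_pay', 'SELECT')           AS reads_view;

-- Act as the directory script on behalf of application user "alice".
SET LOCAL app.login_name = 'alice';
SET LOCAL ROLE directory_app;
SELECT * FROM my_pay;
RESET ROLE;

ROLLBACK;
```

The `app.login_name` setting is supplied by the application, so the view only separates application users from each other; anyone who can open a SQL session as `directory_app` can set it to any value, and the table privileges in layer 1 are what keep that role away from the SSN column.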
