Re: Deployment of PostgreSQL Applications - Mailing list pgsql-general

From Mitch Vincent
Subject Re: Deployment of PostgreSQL Applications
Date
Msg-id 005801c13227$75a5ad70$be615dd8@mitch
Whole thread Raw
In response to Deployment of PostgreSQL Applications  ("Mike Arace" <mikearace@hotmail.com>)
Responses Re: Deployment of PostgreSQL Applications
Re: Deployment of PostgreSQL Applications
List pgsql-general
> 2) More importantly, is it possible to prevent a customer from peeking
into
> said database once it is deployed on their machine?  A large part of what
> makes my application proprietary is the data model in the database, and
it'd
> be tough to maintain a competative edge when everyone can see exactly how
I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine.  I really need to
make
> sure the database is bulletproof before I can begin deployment.

    If the people that have your application have physical access (or even
remote superuser access) to the machine on which the database resides then
there is little you could do to prevent a knowledgeable person from getting
anything he/she wanted from the database, circumventing the PostgreSQL
security measures by reading the information right off the disk... I don't
know how hard or easy it would be to get meaningful information this way but
it's always going to be possible when people have superuser/physical access
to the machine.

-Mitch



pgsql-general by date:

Previous
From: Peter Eisentraut
Date:
Subject: Re: Variable case database names
Next
From: "Gowey, Geoffrey"
Date:
Subject: Re: speed of communication and pgsql development