On Fri, 2005-08-12 at 22:37, wisan watcharinporn wrote:
> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not access this
> patient information)
Ever seen the TShirt "Got root?" If you're root, you're god, pretty
much, and get whatever you want.
If the data is encrypted before being passed to that server, then you've
got some protection, but at a higher processing cost.
Generally, when I've worked on database machines, there is one system
admin who can log into the machine, and one dba who has the ability to
sudo to the postgresql superuser and keep the db happy. That limits the
number of people to two. If your DB can keep a unix box happy, then let
him own the whole thing and you've got minimum exposure.
Expecting to limit roots access once he's on the box is the exact
backwards way to handle this. The way to restrict access is to restrict
the people who can access the box and the levels of their accounts.
If you're in an environment where more than 2 or 3 three people need to
know the root password, your environment is messed up.
