Re: Securing Postgres - Mailing list pgsql-general

From Scott Marlowe
Subject Re: Securing Postgres
Date
Msg-id 1128529465.29347.163.camel@state.g2switchworks.com
Whole thread Raw
In response to Re: Securing Postgres  (L van der Walt <mailing@lani.co.za>)
List pgsql-general
On Wed, 2005-10-05 at 10:27, L van der Walt wrote:
> Richard Huxton wrote:
>
> > L van der Walt wrote:
> >
> >> The big problem is that the administrators works for the client and
> >> not for me.  I don't want the client to reverse engineer my database.
> >> There might be other applications on the server so the administrators
> >> do require root access.
> >>
> >> About the raw database files,  I can use encryption to protect the data.
> >
> >
> > Well, if it's your client's machine, then they any competent
> > administrator will be able to work around anything you do. They set
> > the ground-rules you work in - you could be running inside a virtual
> > machine and never know.
> >
> > If your database design is so advanced that you can't chance it
> > falling into the hands of others then you'll need to keep a separate
> > machine and  lock it down yourself.
> >
> > Are your clients really so dishonest that they'd break into the
> > database and take the necessary steps to hide their tracks too?
> >
> > --
> >   Richard Huxton
> >   Archonet Ltd
> >
> >
>
> No I can not trust the clients administrators.
>
> I have played now with MySQL and with MySQL you can change the password
> for root in MySQL (same as postgres in PostgreSQL).  If you use the
> command line tools like dump you require the password.  Just because
> your root doesn't mean your root in MySQL
>
> Can one separate the user postgres in PostgreSQL from the user postgres
> in Linux(The OS)?


I think you're missing the point, severely, at this time.  For instance:

http://dev.mysql.com/doc/mysql/en/resetting-permissions.html

tells you how to reset the root password for mysql.  notice this isn't
on some 'leet hacker site, it's on the MYSQL site.

Yes, you can seperate the postgres user in postgres from the one in
unix.  No, it won't help with your current problem.

pgsql-general by date:

Previous
From: Martijn van Oosterhout
Date:
Subject: Re: Securing Postgres
Next
From: SCassidy@overlandstorage.com
Date:
Subject: Re: Securing Postgres