Re: postgresql.key secure storage - Mailing list pgsql-general

From Adam Tauno Williams
Subject Re: postgresql.key secure storage
Date
Msg-id 1252844603.14166.10.camel@linux-m3mt
Whole thread Raw
In response to postgresql.key secure storage  ("Saleem EDAH-TALLY" <nmset@netcourrier.com>)
List pgsql-general
> An application using libpq would require that the private unencrypted key be
> deployed to the end user, together with the public key and trust cert. This
> would mean if the end user is curious enough and computer litterate, he can
> bypass the client application and make a direct connection to the server with
> psql for example. It's then possible to issue commands like TRUNCATE TABLE...

Sorry, I don't know anything about postgresql.key;  but regardless of
how you identify and authenticate you need to secure your database from
rogue user actions.

A user must have the TRUNCATE privilege to truncate a table or be the
tables owner.

OGo=> truncate table person;
ERROR:  must be owner of relation person



pgsql-general by date:

Previous
From: "Saleem EDAH-TALLY"
Date:
Subject: Re: postgresql.key secure storage
Next
From: Rajesh Kumar Mallah
Date:
Subject: schema proxying virtual database