Re: Changing Passwords as Encrypted not Clear-Text - Mailing list pgsql-general

From Guillaume Lelarge
Subject Re: Changing Passwords as Encrypted not Clear-Text
Date
Msg-id 1324309528.29079.23.camel@localhost.localdomain
Whole thread Raw
In response to Re: Changing Passwords as Encrypted not Clear-Text  (MURAT KOÇ <m.koc21@gmail.com>)
List pgsql-general
On Mon, 2011-12-19 at 17:19 +0200, MURAT KOÇ wrote:
> Thanks for reply. But it's not suitable to trust the people who have
> access to the logs.
>
> Think, I changed my DB password and other DBA colleague who has access
> to the PostgreSQL logs has seen my DB password. He started to use my
> DB password instead of his password.
>
> He executed all DDL and DML statements with my DB account. In fact, I
> did nothing but because of this gap I did all things.
>
> Is it a trustable situation ? How will we identify who is guilty he or
> me?
>

Do they have access to the pg_hba.conf file? because if they have, you
have no chance to stop them from connecting to the database with your
user account and without any need to know your password.


--
Guillaume
  http://blog.guillaume.lelarge.info
  http://www.dalibo.com
  PostgreSQL Sessions #3: http://www.postgresql-sessions.org


pgsql-general by date:

Previous
From: Alban Hertroys
Date:
Subject: Re: Changing Passwords as Encrypted not Clear-Text
Next
From: Adrian Klaver
Date:
Subject: Re: Changing Passwords as Encrypted not Clear-Text