Re: pg_hba.conf alternative - Mailing list pgsql-hackers

From Mark Woodward
Subject Re: pg_hba.conf alternative
Date
Msg-id 18892.24.91.171.78.1139406805.squirrel@mail.mohawksoft.com
In response to pg_hba.conf alternative  (Q Beukes <pgsql-dev@list.za.net>)
List pgsql-hackers
> Hello,
>
> Is there not some other alternative to pg_hba.conf?
>
> I have the problem where the system administrators at our company
> obviously have access to the whole filesystem, and our database records
> need to be hidden even from them.

If they have full access, then they have FULL access.
>
> With pg_hba.conf that is not possible, as they just change all the conf
> lines to "trust" auth and voilà they have access to the database without
> passwords.

You are looking for a security that cannot exist in your scenario.
>
> Is there a more secure alternative to this? The perfect scenario being
> to deny everyone including "root" access to a database without a password.
>

The only way to secure data is to remove all access to it. If you don't
trust your admins, then you have the wrong admins.
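
Added example, not part of the original message or of PostgreSQL: the thread's point is that filesystem access cannot be prevented from rewriting pg_hba.conf, but the change to "trust" can at least be detected by an audit job run from a host the administrators do not control. The sketch below lists active records whose auth method is `trust`; the sample file, function names and the simplified parsing (no include directives or line continuations) are assumptions made for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample, not taken from the thread.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       postgres               peer
local   all       all                    trust
host    all       all   127.0.0.1/32     md5
host    all       all   10.0.0.0 255.0.0.0 trust   # mask form
hostssl payroll   app   192.168.1.0/24   md5
#host   all       all   0.0.0.0/0        trust
"""

def auth_method(fields):
    """Return the auth method of one tokenized pg_hba.conf record, or None."""
    if fields[0] == "local":
        idx = 3
    elif fields[0] in HOST_TYPES:
        idx = 4
        # Older "address netmask" form puts a separate mask before the method.
        if len(fields) > 5 and "/" not in fields[3]:
            try:
                ipaddress.ip_address(fields[4])
                idx = 5
            except ValueError:
                pass
    else:
        return None  # include directives or unknown record types
    return fields[idx] if len(fields) > idx else None

def find_trust_rules(text):
    """Return (line_number, record) for every active rule using 'trust'."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        try:
            fields = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quote; not handled by this sketch
        if fields and auth_method(fields) == "trust":
            hits.append((lineno, " ".join(fields)))
    return hits

if __name__ == "__main__":
    for lineno, record in find_trust_rules(SAMPLE):
        print(f"line {lineno}: {record}")
```

A check like this only reports the file's state at the time it runs; it does not stop an administrator from making the edit and reverting it between runs.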


