Home > mailing lists

Re: Is there any such thing as PostgreSQL security on a hosted website? - Mailing list pgsql-general

From	Richard Huxton
Subject	Re: Is there any such thing as PostgreSQL security on a hosted website?
Date	July 29, 2002 12:00:06
Msg-id	200207291350.47919.dev@archonet.com Whole thread Raw
In response to	Is there any such thing as PostgreSQL security on a hosted website? ("Scott Gammans" <nospam_deepgloat@yahoo.com>)
List	pgsql-general

Tree view

On Friday 26 Jul 2002 2:06 pm, Scott Gammans wrote:
> (I know cross-posting is evil, but I'm not getting any responses over on
> the .novice newsgroup, and I feel this is an important topic that needs
> attention. Apologies in advance...)
>
> Summary:
>
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?

Your hosting company has root access to the whole server and access to the
backup tapes. You have no security from them other than the trust embodied in
a business relationship.

If you want complete control over a server, have your own server.

- Richard Huxton

pgsql-general by date:

From: Wim
Date: 29 July 2002, 11:58:35
Subject: Still problems with pg_dump ad \dt...

From: Richard Huxton
Date: 29 July 2002, 12:00:07
Subject: Re: Postgres and Perl: Which DBI module?

Re: Is there any such thing as PostgreSQL security on a hosted website? - Mailing list pgsql-general

Previous

Next