Re: Security question : Database access control - Mailing list pgsql-admin

From Bruno Wolff III
Subject Re: Security question : Database access control
Date
Msg-id 20021022142709.GA29891@wolff.to
Whole thread Raw
In response to Security question : Database access control  ("Igor Georgiev" <gory@alphasoft-bg.com>)
List pgsql-admin
On Tue, Oct 22, 2002 at 17:05:38 +0200,
  Igor Georgiev <gory@alphasoft-bg.com> wrote:
> Is there any way to prevent superuser to acces the database ?
> I mean something like "GRANT / REVOKE CONNECT" MECHANISM
>
> I have no idea how to prevent root from access data in one of this ways :
>     root @ linux:~#su - postgres
>     postgres @ linux:/usr/local/pgsql/bin$pg_dump ....
> or
>     edit pg_hba.conf
>         # Allow any user on the local system to connect to any
>         # database under any username, but only via an IP connection:
>         host         all         127.0.0.1     255.255.255.255    trust
>         # The same, over Unix-socket connections:
>         local        all                                          trust
> or my nightmare a cygwin on Win 98 everybody can can access everything :-((((

They can just read the raw database files as well. You have to be able to
trust whoever has root access to the system, as well as anyone who has
physical access to the system.

pgsql-admin by date:

Previous
From: dima
Date:
Subject: Re: Security question : Database access control
Next
From: Andrew Sullivan
Date:
Subject: Re: Upgrade to new version