On Mon, Mar 08, 2004 at 08:37:37 +0000,
Silvana Di Martino <silvanadimartino@tin.it> wrote:
> At 18:19 on Sunday, 7 March 2004, Joe Conway wrote:
> > Silvana Di Martino wrote:
> > > 4) What could actually solve our problem is something like the following
> > > scenario. Imagine that postmaster (or pg_ctrl) could accept a new CL
> > > parameter called "pw". This parameter would contain a sequence of
> > > comma-separated databasename/encryption-password pairs. I mean, something
> > > like this:
> > >
> > > postmaster -i -pw=postnuke:"arriba!",phpnuke:"blade runner"
> >
> > But you mentioned earlier that the DBA cannot know the passwords, so who
> > is going to type all that in?
>
> According to law, an "authorized operator". A piece of paper transforms a
> generic user/sysadmin into a trusted person who can perform such operations
> (again, not our choice: law imposes it).
This sounds like the real solution to your problem. You should do what
you need to to make the system administrator an authorized user and
then use more practical security methods to secure the data.