Re: security question - Mailing list pgsql-general

From Mike Nolan
Subject Re: security question
Date
Msg-id 200405111933.i4BJXosx029524@gw.tssi.com
In response to security question  ("zuhans@iname.com" <zuhans@iname.com>)
List pgsql-general
> i'm very new to postgres and have a fundamental question.
> how do i make a pg-db most secure?
> i feel, that pg_user e.g. is something very dangerous - isn't it? if
> someone hacks into a db, then he has lots of information at his/her
> fingertips. is this so?
>
> what do i do to prevent my db from being hacked?

If you want to make sure it is never hacked into, here are two
suggestions:

1.  Don't connect it to a computer network or phone line.
2.  Don't turn it on.

Seriously, most of the risks are NOT application or database-specific.

In other words, if a hacker can get to your computer, it almost definitely
isn't PostgreSQL's fault, and there may not be much you can do about it
from a database perspective once the hacker gets in.  If the hacker can
get dba, sysadmin or root access, you're fully compromised.

PostgreSQL has a number of security features in it to control access
privileges for both local and remote (networked) users, as do most
major database platforms.  If you are a DBA, you need to be aware of
these; most of them are fairly well documented in the online manual
on postgresql.org.  Specifically read the sections on GRANT and
on hba_conf.
--
Mike Nolan




