Re: how to protect root access database - Mailing list pgsql-admin

From Michael Fuhr
Subject Re: how to protect root access database
Date
Msg-id 20050813052248.GA48235@winnie.fuhr.org
Whole thread Raw
In response to how to protect root access database  ("wisan watcharinporn" <maccran@hotmail.com>)
List pgsql-admin
On Sat, Aug 13, 2005 at 03:37:37AM +0000, wisan watcharinporn wrote:
> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not access
> this patient information)

If you're handling critical, confidential information then you
should consult a security professional.  No offense intended, but
if you have to ask these kinds of questions then you aren't qualified
to implement the solution.

Even if you encrypt the data so root can't read it, root could still
corrupt or destroy it (intentionally or accidentally) with the
privilege it wields.  If the data is critical and confidential then
only trustworthy persons should have access (remote or physical)
to the system that stores it.  A system that gives root access to
"many persons" is a dangerous place to store such data.  For the
sake of your patients' safety and privacy, please consult a security
professional who knows what they're doing.

--
Michael Fuhr

pgsql-admin by date:

Previous
From: "wisan watcharinporn"
Date:
Subject: how to protect root access database
Next
From: Christopher Browne
Date:
Subject: Re: how to protect root access database