Re: pg_hba.conf alternative - Mailing list pgsql-hackers

From Martijn van Oosterhout
Subject Re: pg_hba.conf alternative
Date
Msg-id 20060208125601.GE1985@svana.org
Whole thread Raw
In response to pg_hba.conf alternative  (Q Beukes <pgsql-dev@list.za.net>)
Responses Re: pg_hba.conf alternative
List pgsql-hackers
On Wed, Feb 08, 2006 at 02:34:29PM +0200, Q Beukes wrote:
> Is there not some other alternative to pg_hba.conf?
>
> I have the problem where the system administrators at our company
> obviously have access to the whole filesystem, and our database records
> needs to be hidden even from them.
>
> With pg_hba.conf that is not possible, as they just change all the conf
> lines to "trust" auth and viola they have access to the database without
> passwords.

Or they just copy the whole database to another machine and access it
that way. Or copy your backups. Or hack the application accessing the
data (the application has the password in it, right?).

If can stop them doing those things you can stop them altering
pg_hba.conf too so your problem is solved.

> Is there a more secure alternative to this? The perfect scenario being
> to deny everyone include "root" access to a database without a password.

Well, you could change the source to remove struct auth, but then they'd
just compile their own version and overwrite the system one.

Yes, we're looking for alternatives for pg_hba.conf, but what you want
is to dam a river with sheets of paper.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> Patent. n. Genius is 5% inspiration and 95% perspiration. A patent is a
> tool for doing 5% of the work and then sitting around waiting for someone
> else to do the other 95% so you can sue them.

pgsql-hackers by date:

Previous
From: Stephen Frost
Date:
Subject: Re: sql row constructor...works!
Next
From: Martijn van Oosterhout
Date:
Subject: Re: sql row constructor...works!