Qingqing Zhou wrote:
>Basically I wonder if I can have a superuer that he has every priviliges as
>he does now (create language, rotate log files, create checkpoint and
>everything superuser can do) but one thing I want to make sure is that he
>could not see any user data for security reason (just think my database is
>filled with very important UFO data ;-)). In another word, I need a
>superuser be able to maintain database but he know nothing about what in the
>database. Is there a solution for this in PG?
When I ran into this, it was a credit card field for order data and we
needed to make sure our admin could not run off with the credit card
list.
We ended up AES encrypting the cc data before stuffing it into the
database and then stored the last 4 digits in another field for
display purposes. We could still do CC searches (since the same
credit card number always has the same AES encryption). This made
security much easier as we now just needed to limit access to the keys
themselves and could issue developer keys for the developers running
the local version of the application.