Re: Securing Postgres - Mailing list pgsql-general

From Richard Huxton
Subject Re: Securing Postgres
Date
Msg-id 4343DD85.9020108@archonet.com
Whole thread Raw
In response to Securing Postgres  (L van der Walt <mailing@lani.co.za>)
List pgsql-general
L van der Walt wrote:
> I would like to secure Postgres completly.
>
> Some issues that I don't know you to fix:
> 1.  User postgres can use psql (...) to do anything.

Prevent anyone from logging in as user postgres.
Remove psql.

> 2.  User root can su to postgres and thus do anything.

That's the root user - it is supposed to be able to do what it likes.

> 3. Disable all tools like pg_dump

You can delete the executables, but that's not going to stop people
running their own version if they can connect.

> How do I secure a database if I don't trust the administrators.
> The administrator will not break the db but they may not view
> any information in the databse.

If you don't trust the administrators of the machine, there's nothing
you can do if they have physical access to it. They'll always be able to
work around anything you can do.

Can you say more about the situation - it might be someone has been in a
similar situation themselves?
--
   Richard Huxton
   Archonet Ltd

pgsql-general by date:

Previous
From: "Welty, Richard"
Date:
Subject: Re: License question[VASCL:A1077160A86]
Next
From: Berend Tober
Date:
Subject: Re: Securing Postgres