Re: Shared system resources - Mailing list pgsql-general

From oleg yusim
Subject Re: Shared system resources
Date
Msg-id CAKd4e_GeH+77=Jes51h=c-5G1a40vN07NYR9AN-eYq7qg91ayQ@mail.gmail.com
In response to Re: Shared system resources  (Jim Nasby <Jim.Nasby@BlueTreble.com>)
List pgsql-general
Jim,

Yes, you are right. Generally the security control here is encryption of data at rest (TDE), but PostgreSQL doesn't support it, to my knowledge. I know about that vulnerability, but here I posed the question on a different one. I agree it is a smaller one, compared to the absence of TDE, but I would like to find out if these gates are opened too or not.

Thanks,

Oleg 

On Tue, Dec 22, 2015 at 8:48 PM, Jim Nasby <Jim.Nasby@bluetreble.com> wrote:
> On 12/22/15 6:03 PM, oleg yusim wrote:
>> Absolutely. But we are not talking about that type of data leakage here.
>> We are talking about a potential situation when a user, who doesn't have
>> access to the database, but has (or gained) access to the Linux box the DB is
>> installed on and gets his hands on data, database processes stored in
>> memory (memory would be a common resource here).
>
> Of far larger concern at that point is unauthorized access to the database files.
>
> Basically, if someone gains access to the OS user that Postgres is running as, or to root, it's game-over.
> --
> Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX
> Experts in Analytics, Data Architecture and PostgreSQL
> Data in Trouble? Get it in Treble! http://BlueTreble.com
