Re: Securing Postgres - Mailing list pgsql-general

From SCassidy@overlandstorage.com
Subject Re: Securing Postgres
Date
Msg-id OFD98C0A29.D86D4D12-ON88257091.0059AED9-88257091.0059D639@overlandstorage.com
Whole thread Raw
In response to Securing Postgres  (L van der Walt <mailing@lani.co.za>)
List pgsql-general
You do know that MySQL lets you reset the root password if you forget it,
don't you?  See:

http://dev.mysql.com/doc/mysql/en/resetting-permissions.html

Not terribly secure, after all.


Susan



                  
                           L van der Walt
                  
                      <mailing@lani.co.za>           To:       Richard Huxton <dev@archonet.com>,
pgsql-general@postgresql.org            
                           Sent by:                  cc:
                  
                                                     Subject:  Re: [GENERAL] Securing Postgres
                  

                  
                      pgsql-general-owner@pos         |-------------------|
                  
                      tgresql.org                     | [ ] Expand Groups |
                  
                                                      |-------------------|
                  

                  
                           10/05/2005 08:27
                  
                      AM
                  

                  

                  




Richard Huxton wrote:

> L van der Walt wrote:
>
>> The big problem is that the administrators works for the client and
>> not for me.  I don't want the client to reverse engineer my database.
>> There might be other applications on the server so the administrators
>> do require root access.
>>
>> About the raw database files,  I can use encryption to protect the data.
>
>
> Well, if it's your client's machine, then they any competent
> administrator will be able to work around anything you do. They set
> the ground-rules you work in - you could be running inside a virtual
> machine and never know.
>
> If your database design is so advanced that you can't chance it
> falling into the hands of others then you'll need to keep a separate
> machine and  lock it down yourself.
>
> Are your clients really so dishonest that they'd break into the
> database and take the necessary steps to hide their tracks too?
>
> --
>   Richard Huxton
>   Archonet Ltd
>
>

No I can not trust the clients administrators.

I have played now with MySQL and with MySQL you can change the password
for root in MySQL (same as postgres in PostgreSQL).  If you use the
command line tools like dump you require the password.  Just because
your root doesn't mean your root in MySQL

Can one separate the user postgres in PostgreSQL from the user postgres
in Linux(The OS)?



---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings





----------------------------------------------------------------------------------------------
See our award-winning line of tape and disk-based
backup & recovery solutions at http://www.overlandstorage.com
----------------------------------------------------------------------------------------------


pgsql-general by date:

Previous
From: Scott Marlowe
Date:
Subject: Re: Securing Postgres
Next
From: "Welty, Richard"
Date:
Subject: Re: Securing Postgres