Thread: How to secure PostgreSQL Data for distribute?

How to secure PostgreSQL Data for distribute?

From
"Premsun Choltanwanich"
Date:
Dear All,
 
     I need to distribute my application that use PostgreSQL as database to my customer. But I still have some questions in my mind on database security. I understand that everybody  who get my application database will be have a full control permission on my database in case that PostgreSQL already installed on their computer and they are an administrator on PostgreSQL. So that mean data, structure and any ideas contain in database will does not secure on this point. Is my understanding correct?
 
     What is the good way to make it all secure? Please advise.

Re: How to secure PostgreSQL Data for distribute?

From
Josh Berkus
Date:
Premsun,

>      I need to distribute my application that use PostgreSQL as database to
> my customer. But I still have some questions in my mind on database
> security. I understand that everybody  who get my application database will
> be have a full control permission on my database in case that PostgreSQL
> already installed on their computer and they are an administrator on
> PostgreSQL. So that mean data, structure and any ideas contain in database
> will does not secure on this point. Is my understanding correct?
>
>      What is the good way to make it all secure? Please advise.

I think you have a different definition of "security" from most of us.   There 
are techniques you could use that would prevent your customer from having 
easy direct access to the database on his machine -- but they would also 
prevent him from making backups or recovering from a computer problem.  
They'd also require a lot of work on your part.

Overall, if your goal is to prevent your customer from having control of their 
own data, I don't think an open-source database is the best choice for 
you.  ;-b

-- 
Josh Berkus
Aglio Database Solutions
San Francisco


Re: How to secure PostgreSQL Data for distribute?

From
Tino Wildenhain
Date:
Am Donnerstag, den 18.08.2005, 09:56 +0700 schrieb Premsun
Choltanwanich:
> Dear All,
>  
>      I need to distribute my application that use PostgreSQL as
> database to my customer. But I still have some questions in my mind on
> database security. I understand that everybody  who get my application
> database will be have a full control permission on my database in case
> that PostgreSQL already installed on their computer and they are an
> administrator on PostgreSQL. So that mean data, structure and any
> ideas contain in database will does not secure on this point. Is my
> understanding correct?
>  
>      What is the good way to make it all secure? Please advise.

Postgres is secure as it garanties your data integrity (as long
as the underlying os plays well). It is also secure in a way
to protect unauthorized access from 3rd party users if the
DBA doesnt want it. (Usuall account and access).

However, if you deliver software to a customer, the software
is the product and the customer can technically do whatever
she wants with it. 

Your copyright on the application protects you legally from
someone using exactly your table layout etc. in another application
to sell to another customer (provided the model isnt too simple
or so state of the art that anybody must trivially come to the
same solution)

All the other ideas of IP (intellectual property) seem very
silly when you talk software. Personally I've yet to see
a model worth any thoughts about 'protecting' or obfuscating
it. (That means, something not any talented database designer
can create, faced with the same problem)