From: | Rod Taylor <rbt(at)rbt(dot)ca> |
---|---|
To: | Igor Georgiev <gory(at)alphasoft-bg(dot)com> |
Cc: | dima <_pppp(at)mail(dot)ru>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, pgsql-admin(at)postgresql(dot)org |
Subject: | Re: [HACKERS] Security question : Database access control |
Date: | 2002-10-22 15:26:30 |
Message-ID: | 1035300393.25823.23.camel@jester |
Lists: | pgsql-admin pgsql-hackers |

On Tue, 2002-10-22 at 12:12, Igor Georgiev wrote:
> > > edit *pg_hba.conf*
> > > # Allow any user on the local system to connect to any
> > > # database under any username, but only via an IP connection:
> > > host all 127.0.0.1 255.255.255.255 trust
> > > # The same, over Unix-socket connections:
> > > local all trust
> > what about reading pg_hba.conf comments?
> > local all md5
> >
>
> Ok, but my question actually isn't about pg_hba.conf comments, I read enough
> but what will stop root from adding these lines or doing su - postgres ??

Next you're going to ask what will stop root from stopping your
PostgreSQL, compiling a second copy with authentication disabled and
using your data directory as its source :)

If you want to prevent root from accomplishing these things, you're
going to have to look to your kernel for help. The kernel must prevent
root from changing users, starting / stopping applications, or touching
certain filesystems.

PostgreSQL will let you put a password on the data. But that only works
if they actually try to use PostgreSQL to get at the data.

There are a couple of tools which were designed to recover database data
while the db is not running.
--
Rod Taylor
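
An added example, not part of the original message or of PostgreSQL: a small audit that parses pg_hba.conf text and reports every rule whose method is `trust`, with the scope it applies to (Unix socket, loopback, or wider network). It accepts both the `IP MASK` layout quoted in the thread and the CIDR layout with a user column; the function names and the second sample are constructed for illustration. It only inspects the file, so it covers the PostgreSQL access path and not the root-level bypasses described in the reply.

```python
import ipaddress
import shlex

RECORD_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _scope(record_type, positional):
    """Classify where clients matching a rule can connect from."""
    if record_type == "local":
        return "unix-socket"
    try:
        addr, last = positional[-3], positional[-2]
        # Either CIDR (127.0.0.1/32) or the "IP MASK" pair quoted in the thread.
        spec = last if "/" in last else f"{addr}/{last}"
        net = ipaddress.ip_network(spec, strict=False)
    except (ValueError, IndexError):
        return "network"  # hostname, samenet, all, or malformed: assume widest
    return "loopback" if net.is_loopback else "network"

def find_trust_rules(text):
    """Return [(line_no, record_type, scope)] for every rule using 'trust'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # honours quotes and '#'
        if not fields or fields[0] not in RECORD_TYPES:
            continue
        # Options after the method are name=value; the method has no '='.
        positional = [f for f in fields if "=" not in f]
        if positional[-1] == "trust":
            findings.append((line_no, fields[0], _scope(fields[0], positional)))
    return findings

# The two rules quoted in the thread (older layout, no user column).
PAGE_SAMPLE = """\
# Allow any user on the local system to connect to any
# database under any username, but only via an IP connection:
host all 127.0.0.1 255.255.255.255 trust
# The same, over Unix-socket connections:
local all trust
"""
# Constructed sample in the layout with a user column and CIDR addresses.
MODERN_SAMPLE = """\
local   all  all                md5
host    all  all  127.0.0.1/32  md5
host    all  all  10.0.0.0/8    trust
host    all  all  all           ldap ldapserver=ldap.example.test
"""
if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, MODERN_SAMPLE):
        print(find_trust_rules(sample))
```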