Re: Is there any such thing as PostgreSQL security on a hosted website?

From: Gregory Seidman <gss+pg(at)cs(dot)brown(dot)edu>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Is there any such thing as PostgreSQL security on a hosted website?
Date: 2002-07-29 12:55:58
Message-ID: 20020729125558.GA28125@cs.brown.edu
Lists: pgsql-general

Scott Gammans sez:
} (I know cross-posting is evil, but I'm not getting any responses over on the
} .novice newsgroup, and I feel this is an important topic that needs
} attention. Apologies in advance...)
}
} Summary:
}
} What is to stop a company that is hosting my
} PostgreSQL-enabled website from changing my
} pg_hba.conf file to "TRUST" so that they can go in and
} snoop around my online PostgreSQL databases?
[...]
} Unless I am completely missing something, this "TRUST"
} setting seems to be a gaping maw of a security hole.
} And if that's true, there really isn't any point in
} denying the new website host superuser access rights,
} correct? And if THAT's true, I really can't use
} PostgreSQL for anything private or sensitive (e.g.,
} storing customer credit card information), correct?

You cannot expect to have a secure database on an insecure system. Period.
If you don't trust the people who have root access to the machine hosting
your database, you can't trust the database. A possible workaround is to
have your database on another (trusted) system which only accepts TCP
connections from localhost and use a socket forwarded by ssh to make that
database available on the untrusted system. Of course, you can't trust the
untrusted system not to grab the password for the postgres user you are
using since they can always hack ssh and/or sshd. Ultimately, if you don't
trust your sysadmins then you need to look into different sysadmins.
Nothing can be secured if the people with physical access to the system
can't be trusted.

} Thanks...
--Greg
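The layout Greg suggests, as an added example that is not part of the original thread: on the trusted database host, pg_hba.conf accepts TCP only from loopback and never uses the "trust" method the question worries about, and the web host reaches it through an ssh port forward. The host name db.example.internal and the account dbforward are placeholders, and the two check functions are an added audit aid, not anything from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical names: db.example.internal is the
# trusted PostgreSQL host, dbforward is the ssh account used only for the tunnel.

# Constructed pg_hba.conf for the trusted host: TCP from loopback only, no "trust" method.
PG_HBA_SAMPLE='# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   scram-sha-256
host    all       all   ::1/128        scram-sha-256'

# Print the active (non-comment, non-blank) lines of a pg_hba.conf passed as a string.
pg_hba_active_lines() {
  printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
}

# True (exit 0) if any active line authenticates with "trust".
# Handles "host db user addr/cidr method" and the legacy "host db user addr netmask method".
pg_hba_has_trust() {
  pg_hba_active_lines "$1" | awk '
    { m = "" }
    $1 == "local" { m = $4 }
    $1 ~ /^host/  { m = ($5 ~ /^[0-9.]+$/) ? $6 : $5 }
    m == "trust"  { found = 1 }
    END { exit found ? 0 : 1 }'
}

# True (exit 0) if every active host line is limited to a loopback address, so the only
# TCP path in is a connection that already arrived on the box (e.g. via the ssh forward).
pg_hba_loopback_only() {
  pg_hba_active_lines "$1" | awk '
    $1 ~ /^host/ {
      ok = ($4 == "127.0.0.1/32" || $4 == "::1/128" || ($4 == "127.0.0.1" && $5 == "255.255.255.255"))
      if (!ok) bad = 1
    }
    END { exit bad ? 1 : 0 }'
}

# On the untrusted web host, reach the database only through an ssh-forwarded local port:
#   ssh -N -f -L 5432:127.0.0.1:5432 dbforward@db.example.internal
# The application then connects to 127.0.0.1:5432 locally; the connection emerges on the
# trusted host from loopback and matches the rules above. As the reply notes, root on the
# web host can still read the database password or the ssh key stored on that machine.
```

Run `pg_hba_has_trust "$(cat /path/to/pg_hba.conf)"` on a real file to flag any trust entry.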
