Skip site navigation (1) Skip section navigation (2)

Re: Security question : Database access control

From: Bruno Wolff III <bruno(at)wolff(dot)to>
To: Igor Georgiev <gory(at)alphasoft-bg(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org, pgsql-hackers(at)postgresql(dot)org
Subject: Re: Security question : Database access control
Date: 2002-10-22 14:27:09
Message-ID: 20021022142709.GA29891@wolff.to (view raw or flat)
Thread:
Lists: pgsql-adminpgsql-hackers
On Tue, Oct 22, 2002 at 17:05:38 +0200,
  Igor Georgiev <gory(at)alphasoft-bg(dot)com> wrote:
> Is there any way to prevent superuser to acces the database ?
> I mean something like "GRANT / REVOKE CONNECT" MECHANISM
> 
> I have no idea how to prevent root from access data in one of this ways :
>     root @ linux:~#su - postgres
>     postgres @ linux:/usr/local/pgsql/bin$pg_dump ....
> or
>     edit pg_hba.conf 
>         # Allow any user on the local system to connect to any
>         # database under any username, but only via an IP connection:
>         host         all         127.0.0.1     255.255.255.255    trust     
>         # The same, over Unix-socket connections:
>         local        all                                          trust
> or my nightmare a cygwin on Win 98 everybody can can access everything :-((((

They can just read the raw database files as well. You have to be able to
trust whoever has root access to the system, as well as anyone who has
physical access to the system.

In response to

Responses

pgsql-hackers by date

Next:From: Andrew SullivanDate: 2002-10-22 14:29:12
Subject: Re: [HACKERS] Hot Backup
Previous:From: dimaDate: 2002-10-22 14:15:29
Subject: Re: Security question : Database access control

pgsql-admin by date

Next:From: JOEDate: 2002-10-22 14:37:07
Subject: Help with error message
Previous:From: dimaDate: 2002-10-22 14:15:29
Subject: Re: Security question : Database access control

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group