c k wrote:
> One of our customer found that few of it's employees are trying to
> change the data without having any proper rights. The simplest way
> is to get the control of the server and then change the mode of the
> authentication to trust and restart the server.
There's your problem right there.
I once had the great pleasure and honor of attending a luncheon where
Admiral Grace Hopper[1] spoke. One of the topics she addressed was
security. She emphasized that if someone has physical access to your
hardware, the game is over. She asserted that if anyone in the room
gave her ten minutes alone with their computer, she could breach
security, and dared those in attendance to let her prove it.
(Nobody took her up on it.)
Without getting into gory details, I realize that there are
techniques which could make certain types of attack difficult even
with physical access, but there are some absolute security
deal-breakers. If someone can log on to the OS running your database
as the root user, you had better trust that person, because they can
do pretty much anything. Any sense that you're secure in the face of
an untrusted user with root access is purely illusionary. What's to
stop them from creating a custom version of any software (including
PostgreSQL) which has a back-door access that lets them in?
It seems to me that you either need to look at providing your
software as a service, so that you retain control of the hardware, or
educate your customers on security principles.
-Kevin
[1] http://en.wikipedia.org/wiki/Grace_Hopper