| From: | Q Beukes <pgsql-dev(at)list(dot)za(dot)net> |
|---|---|
| To: | Postgresql Dev <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: pg_hba.conf alternative |
| Date: | 2006-02-10 00:56:07 |
| Message-ID: | 43EBE4A7.508@list.za.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
I did consider that, but the software we use (which again uses postgresql)
atm only supports local connection to the database.
I am the database admin, the other admins just manage stuff like user
accounts,
checking logs, etc...
Unfortunately there is no other way to set it up, and like I mentioned
government security is not required.
I did however statically code the pg_hba.conf file into pg binaries.
The only way I found to access the db now would be to replace the binary
and
possibly sniffing traffic. But we're not worried about that. They not really
criminally minded people.
thx for everyones help anyway ;>
korry wrote:
>>Why would you not simply set this up on a seperate machine to which only
>>the trusted admins had access? Most data centers I am familiar with use
>>single purpose machines anyway. If someone is trusted as root on your
>>box they can screw you no matter what you do. Pretending otherwise is
>>just folly.
>>
>>
>
>Agreed - that would be a much better (easier and more secure) solution where
>practical.
>
> -- Korry
>
>---------------------------(end of broadcast)---------------------------
>TIP 3: Have you checked our extensive FAQ?
>
> http://www.postgresql.org/docs/faq
>
>
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2006-02-10 02:42:02 | Re: Feature request - Add microsecond as a time unit for |
| Previous Message | Tom Lane | 2006-02-10 00:44:23 | Re: PostgreSQL 8.0.6 crash |