Re: security question

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/22/07 08:22, Martijn van Oosterhout wrote:
> On Mon, Jan 22, 2007 at 04:10:15PM +0200, Sim Zacks wrote:
>> How good is postgresql security?
>
> Good, within limits.
>
>> For example, If I have data that I do not anyone to see, including the
>> programmer/dba, is it enough to change the password to the only user?
>> If they have access to the raw files is there a way for them to somehow see
>> the data?
>> can they copy the files to another postgresql instance where they have
>> rights and view the data?
>
> The answer depends heavily on what the "programmer/dba" can do.
>
> Any superuser of the DB can see any data
> Any user that can access the raw files can see any data
> Any user that can poke into memory can see any data
> Any user that can access the backups can see any data there
>
> So in theory, if you restrict the programmer appropriately you could do
> it, but you have to check they can still do their job.

Anyone tried running PG with restrictive SELinux policies?

>> Basically, we have a requirement to put sensitive personnel information
>> into the database, including salary etc. and we don't want any employees,
>> including the dba to have a possibility of accessing it.
>
> Very tricky. Look around to see what other people have done. This
> question has come up before.
>
> Have a nice day,

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFtMqdS9HxQb37XmcRAko0AKC5PGCCRbgAEWE0I2+on5qkiGPgkACgxEcB
JQcUuFK60xtLb0bkECciByY=
=jAMn
-----END PGP SIGNATURE-----