> 2) More importantly, is it possible to prevent a customer from peeking
into
> said database once it is deployed on their machine? A large part of what
> makes my application proprietary is the data model in the database, and
it'd
> be tough to maintain a competative edge when everyone can see exactly how
I
> do things in the database by logging into their postgres account, adding
> some users and changing permissions on their machine. I really need to
make
> sure the database is bulletproof before I can begin deployment.
If the people that have your application have physical access (or even
remote superuser access) to the machine on which the database resides then
there is little you could do to prevent a knowledgeable person from getting
anything he/she wanted from the database, circumventing the PostgreSQL
security measures by reading the information right off the disk... I don't
know how hard or easy it would be to get meaningful information this way but
it's always going to be possible when people have superuser/physical access
to the machine.
-Mitch