Re: Is there any such thing as PostgreSQL security on a hosted website?

hi scott,

in my opinion, if you really want to have security,
you can't run a database in a shared environment. you should
think about setting up a dedicated machine.

even if there was no way to set the pg_hba.conf to TRUST,
they could easily copy the whole db-root to a different machine
and change the permission-settings there. your data isn't save
at all, as long as anyone else has a root-pw to alter/copy/read
the files.

Mit freundlichem Gruß

Henrik Steffen
Geschäftsführer

top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com          Tel. +49 4141 991230
mail: steffen@topconcepts.com       Fax. +49 4141 991233
--------------------------------------------------------
24h-Support Hotline:  +49 1908 34697 (EUR 1.86/Min,topc)
--------------------------------------------------------
System-Partner gesucht: http://www.franchise.city-map.de
--------------------------------------------------------
Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
--------------------------------------------------------

----- Original Message -----
From: "Scott Gammans" <nospam_deepgloat@yahoo.com>
To: <pgsql-general@postgresql.org>
Sent: Friday, July 26, 2002 3:06 PM
Subject: [GENERAL] Is there any such thing as PostgreSQL security on a hosted website?


> (I know cross-posting is evil, but I'm not getting any responses over on the
> .novice newsgroup, and I feel this is an important topic that needs
> attention. Apologies in advance...)
>
> Summary:
>
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?
>
> Detail:
>
> My website is currently being hosted by a company that
> includes 10 PostgreSQL databases, but they do not
> allow me superuser access (the hosting company issues
> me a PostgreSQL userid/password that does not have
> "CREATEDB" privileges) and I am also on a shared
> instance of PostgreSQL with other users (I can see
> their userids from the phpPgAdmin tool).
>
> This seemed like an obvious security breach, so I
> looked into another website hosting company that
> offers a private instance of PostgreSQL, but they
> still want to have superuser access to my databases so
> that they can do things like vacuum the database.
> They're willing to forgo superuser access for
> themselves if I agree to pay for any support costs
> that occur because they *don't* have such access, but
> what is to stop them from altering the settings in
> pg_hba.conf to "TRUST" so that they can go in and
> snoop around my databases anyway? The answer is,
> there's **nothing** to stop them from doing that,
> right?
>
> Unless I am completely missing something, this "TRUST"
> setting seems to be a gaping maw of a security hole.
> And if that's true, there really isn't any point in
> denying the new website host superuser access rights,
> correct? And if THAT's true, I really can't use
> PostgreSQL for anything private or sensitive (e.g.,
> storing customer credit card information), correct?
>
> Thanks...
>
>
>
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster