Re: Security question : Database access control

On Tue, 22 Oct 2002, Igor Georgiev wrote:

> > >     edit *pg_hba.conf *
> > >         # Allow any user on the local system to connect to any
> > >         # database under any username, but only via an IP connection:
> > >         host         all         127.0.0.1     255.255.255.255    trust
> > >         # The same, over Unix-socket connections:
> > >         local        all                                          trust
> > what about reading pg_hba.conf comments?
> >            local    all                                              md5
> >
>
> Ok, but  my question actually isn't about pg_hba.conf comments, i read enough
> but what will stop root from adding this lines or doing su - postgres ??

Not much really.  But given that they have access to the raw data
files, preventing them access to the server doesn't gain you that
much if they really want to get the data.