Re: Security question : Database access control

Поиск
Список
Период
Сортировка
От Bruno Wolff III
Тема Re: Security question : Database access control
Дата
Msg-id 20021022142709.GA29891@wolff.to
обсуждение исходный текст
Ответ на Security question : Database access control  ("Igor Georgiev" <gory@alphasoft-bg.com>)
Список pgsql-admin
On Tue, Oct 22, 2002 at 17:05:38 +0200,
  Igor Georgiev <gory@alphasoft-bg.com> wrote:
> Is there any way to prevent superuser to acces the database ?
> I mean something like "GRANT / REVOKE CONNECT" MECHANISM
>
> I have no idea how to prevent root from access data in one of this ways :
>     root @ linux:~#su - postgres
>     postgres @ linux:/usr/local/pgsql/bin$pg_dump ....
> or
>     edit pg_hba.conf
>         # Allow any user on the local system to connect to any
>         # database under any username, but only via an IP connection:
>         host         all         127.0.0.1     255.255.255.255    trust
>         # The same, over Unix-socket connections:
>         local        all                                          trust
> or my nightmare a cygwin on Win 98 everybody can can access everything :-((((

They can just read the raw database files as well. You have to be able to
trust whoever has root access to the system, as well as anyone who has
physical access to the system.

В списке pgsql-admin по дате отправления:

Предыдущее
От: dima
Дата:
Сообщение: Re: Security question : Database access control
Следующее
От: Andrew Sullivan
Дата:
Сообщение: Re: Upgrade to new version