am Mon, dem 22.01.2007, um 16:10:15 +0200 mailte Sim Zacks folgendes:
> How good is postgresql security?
> For example, If I have data that I do not anyone to see, including the
> programmer/dba, is it enough to change the password to the only user?
> If they have access to the raw files is there a way for them to somehow see
> the data?
> can they copy the files to another postgresql instance where they have
> rights and view the data?
I think, anyone with read access to the database files can read the
information stored in this files.
This isn't a postgresql-problem, this is a general problem.
>
> Basically, we have a requirement to put sensitive personnel information
> into the database, including salary etc. and we don't want any employees,
> including the dba to have a possibility of accessing it.
Store the sensitive data encrypted, and use SSL or other encrypted
communication between server and client.
Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net