korry wrote:
>>>I was suggesting that pg_hba.conf could be stored in the same encrypting
>>>filesystem.
>>>
>>>
>>Then how can it be changed? What if you need to allow access from, say,
>>another user or another network? Oh, the admins have to change it ...
>>
>>
>
>Not all admins are equal... the admin that takes care of the database would
>obviously have the decrypt password for the encrypting filesystem. That
>admin (but not other admins) can change the pg_hba.conf file.
>
>
>
>
Why would you not simply set this up on a seperate machine to which only
the trusted admins had access? Most data centers I am familiar with use
single purpose machines anyway. If someone is trusted as root on your
box they can screw you no matter what you do. Pretending otherwise is
just folly.
cheers
andrew