If you don't trust the administrators you should find someone else to admin
your machine.
Main question: what do you need the administrators to do for you? If you
only need them to do a few things, then it is much easier to limit their
access.
Because, on most popular systems (e.g. C2-level O/S + hardware or lower)
technically competent administrators with _full_ administrative accounts
and/or physical access are able to get full read access to practically any
file. So they will be able to view information in the database.
Backup operators are often able to get similar access.
You could try to use encryption, but in my opinion that is more for making
_accidental_ viewing of data harder, and to make it easier to prove that
intentional breaches of policy were attempted.
BTW you may wish to put dummy data in your database (fake accounts, etc),
so that if there is a compromise (or an attempt in progress), you might
have a chance of detecting it. Some triggers might help too (don't use them
on _all_ your fake data, just a few might do).
Regards,
Link.
At 03:36 PM 10/5/2005 +0200, L van der Walt wrote:
>I would like to secure Postgres completly.
>
>Some issues that I don't know you to fix:
>1. User postgres can use psql (...) to do anything.
>2. User root can su to postgres and thus do anything.
>3. Disable all tools like pg_dump
>
>How do I secure a database if I don't trust the administrators.
>The administrator will not break the db but they may not view
>any information in the databse.
>
>Regards
>
>Lani
>
>
>---------------------------(end of broadcast)---------------------------
>TIP 6: explain analyze is your friend
>