Re: Permissions

From Andre Labuschagne
Subject Re: Permissions
Date
Msg-id 5998A4A7-FFF5-46CA-BBA7-8B1EEA3493A7@eduadmin.com
In reply to Re: Permissions  ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses Re: Permissions  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-novice

On 20 Sep 2016, at 22:48, David G. Johnston <david.g.johnston@gmail.com> wrote:

On Tue, Sep 20, 2016 at 1:36 PM, Andre Labuschagne <technical@eduadmin.com> wrote:

Sorry about the top posting.  Still learning here.

Hi David

I am not making myself clear.  Let us try another angle.  We are concerned about security breaches and database theft within and outside the organisation.  Assuming a rogue employee gets their hands on a full backup of one of the databases and they did not have the details of the only role that is listed as having privileges would this employee be able to download PG set it up on his or her computer, provide a superuser password and then have full access to the database?  Is there a way to prevent this access?


No.  Not knowing the name of the only super user might be inconvenient but it's only security by obscurity.  If they have unencrypted physical data files they have the potential to see all of the data contained therein.  They don't even need passwords since they can just set up pg_hba.conf for trust access.

David J.


Hi David

Thanks for that.  So PG de facto has absolutely no security while in transit then.  That is what we are trying to establish.

Sybase supports this sort of security while in transit as does Mimer.  There may be others.

Thanks for answering my questions.

Cheers
Andre
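
David's reply in this thread points out that pg_hba.conf can simply be set up for trust access. As an added example that is not part of the original thread, the following Python sketch audits a pg_hba.conf on a server you administer for records using the `trust` method; the sample file contents and the function names are constructed for illustration.

```python
import ipaddress
import shlex

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample for illustration; not taken from the thread or a real server.
SAMPLE_HBA = '''\
# TYPE  DATABASE  USER        ADDRESS               METHOD
local   all       postgres                          peer
local   all       all                               trust
host    all       all         127.0.0.1/32          scram-sha-256
host    all       all         10.0.0.0  255.0.0.0   trust  # IP + netmask form
hostssl sales     "app user"  0.0.0.0/0             md5
'''

def _is_ip(text):
    """True if text is a bare IPv4/IPv6 address (no CIDR suffix)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_hba(text):
    """Yield (lineno, type, database, user, address, method) for each record."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        # shlex approximates pg_hba.conf tokenising: whitespace-separated
        # fields, double-quoted values, '#' starting a comment.
        fields = shlex.split(raw, comments=True)
        if not fields:
            continue
        if fields[0] == "local" and len(fields) >= 4:
            # local records have no address column
            yield (lineno, "local", fields[1], fields[2], None, fields[3])
        elif fields[0] in HOST_TYPES and len(fields) >= 5:
            address, rest = fields[3], fields[4:]
            # A bare IP followed by another IP is the separate-netmask form.
            if _is_ip(address) and _is_ip(rest[0]) and len(rest) >= 2:
                address, rest = f"{address} {rest[0]}", rest[1:]
            yield (lineno, fields[0], fields[1], fields[2], address, rest[0])

def trust_records(text):
    """Return the records that admit clients without any credential."""
    return [rec for rec in parse_hba(text) if rec[5] == "trust"]

if __name__ == "__main__":
    for lineno, ctype, db, user, addr, method in trust_records(SAMPLE_HBA):
        print(f"line {lineno}: {ctype} db={db} user={user} addr={addr} -> {method}")
```

This only checks the configuration of a running server; it does not change David's point about anyone who holds unencrypted data files.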
