But why do they need access to the files in the file system? Why not
put them on the local box but don't give them permissions to edit the
pg_hba file? They should still be able to connect.
On Feb 9, 2006, at 5:56 PM, Q Beukes wrote:
> I did consider that, but the software we use (which again uses
> postgresql)
> atm only supports local connection to the database.
>
> I am the database admin, the other admins just manage stuff like user
> accounts,
> checking logs, etc...
>
> Unfortunately there is no other way to set it up, and like I mentioned
> government security is not required.
>
> I did however statically code the pg_hba.conf file into pg binaries.
>
> The only way I found to access the db now would be to replace the
> binary
> and
> possibly sniffing traffic. But we're not worried about that. They
> not really
> criminally minded people.
>
> thx for everyones help anyway ;>
>
>
> korry wrote:
>
>>> Why would you not simply set this up on a seperate machine to
>>> which only
>>> the trusted admins had access? Most data centers I am familiar
>>> with use
>>> single purpose machines anyway. If someone is trusted as root on
>>> your
>>> box they can screw you no matter what you do. Pretending
>>> otherwise is
>>> just folly.
>>>
>>>
>>
>> Agreed - that would be a much better (easier and more secure)
>> solution where
>> practical.
>>
>> -- Korry
>>
>> ---------------------------(end of
>> broadcast)---------------------------
>> TIP 3: Have you checked our extensive FAQ?
>>
>> http://www.postgresql.org/docs/faq
>>
>>
>>
>
>
> ---------------------------(end of
> broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
> http://archives.postgresql.org
>