> Now, I think that "db authentication" is simply not enough , because
> the administrator can copy the data files to his own machine (where he
> is the owner of the database).
Or just change pg_hba.conf to his taste....
> Is there a way to protect the data files, so even the "malicious
> administrator" cannot see the data ?
Encrypt it. And keep the key on some other machine. And plan your
application so decryption happens on some other machine
--
----------------------------------------------------------------------
| Marcin Kasperski | Communication takes place between people,
| http://mekk.waw.pl | documents are secondary. (Booch)
| |
----------------------------------------------------------------------