> On 5 Oct 2016, at 14:06, Albe Laurenz <laurenz.albe@wien.gv.at> wrote:
>
> Andre Labuschagne wrote:
>> Encryption is meaningless if the super user can control the encrypting. What is required is the
>> following: the super user grants a user the rights to create a database and all objects within the
>> database. The super user simply grants the user that right. The super user has zero access to what
>> that user creates unless that user explicitly grants the super user those rights. That is called
>> security. That is what I am trying to achieve with PG. I was hoping that it is possible to do such a
>> thing. That is what Mimer, Sybase and Interbase [and perhaps others I am yet to encounter] do as a
>> matter of course. It as necessary for the security of a database as wheels are to a car.
>
> If you need exactly that feature, you are probably happier with a different database
> system, because PostgreSQL doesn't have it and probably never will.
>
> Most people would argue that this is no hard security, it only makes the attack
> more complicated. As a database superuser I can access files on the file system
> in any database I ever heard of, thus I can read the files containing the tables,
> thus I can figure out what is in them.
>
> Yours,
> Laurenz Albe
Hi
With this project we are looking at you would be the potential problem. You would fit it perfectly. And you would be
theguy we could not have anywhere near the data. I am obviously not referring to you personally but the access you
wouldhave.
I understand from this year’s PG conference that this very topic was discussed and the need was acknowledged so it may
yetbe supported in a future version of PG. For many projects it is a very serious weakness in the engine and why PG
couldnever be considered for them. A great pity when it comes to the project we are looking at as in other respects it
reallyis a fine database with everything else stacking up excellently.
Cheers
Andre