(I know cross-posting is evil, but I'm not getting any responses over on the
.novice newsgroup, and I feel this is an important topic that needs
attention. Apologies in advance...)
Summary:
What is to stop a company that is hosting my
PostgreSQL-enabled website from changing my
pg_hba.conf file to "TRUST" so that they can go in and
snoop around my online PostgreSQL databases?
Detail:
My website is currently being hosted by a company that
includes 10 PostgreSQL databases, but they do not
allow me superuser access (the hosting company issues
me a PostgreSQL userid/password that does not have
"CREATEDB" privileges) and I am also on a shared
instance of PostgreSQL with other users (I can see
their userids from the phpPgAdmin tool).
This seemed like an obvious security breach, so I
looked into another website hosting company that
offers a private instance of PostgreSQL, but they
still want to have superuser access to my databases so
that they can do things like vacuum the database.
They're willing to forgo superuser access for
themselves if I agree to pay for any support costs
that occur because they *don't* have such access, but
what is to stop them from altering the settings in
pg_hba.conf to "TRUST" so that they can go in and
snoop around my databases anyway? The answer is,
there's **nothing** to stop them from doing that,
right?
Unless I am completely missing something, this "TRUST"
setting seems to be a gaping maw of a security hole.
And if that's true, there really isn't any point in
denying the new website host superuser access rights,
correct? And if THAT's true, I really can't use
PostgreSQL for anything private or sensitive (e.g.,
storing customer credit card information), correct?
Thanks...