Bill Moran wrote on 16.04.2009 23:06:
>> which only talks about someone getting hold of the contents of the server's
>> harddisk.
>
> Not really. You're making an assumption that a pg_dump can only be
> run on the server itself.
Right, I forgot that.
But then it's similar to the situation where the user displays the data and
walks away with the screenshot...
If you have an application server sitting in the middle you can limit
connections to the database to the app server itself. Or even put the appserver
on the same box as the database server and limit connections only to localhost.
In that case the attacker needs to be able to log-in to the server directly.
> and I apologize for being too vague the first go-round.
No problem. This happens to me all the time. Once a discussion starts about a
topic I find myself wondering how I could forget all the details that I'm being
asked about ;)
Thomas