Discussion: how to protect root access database
i have database with critical data (such patient information)
how can i protect my database from root access
because this host in company can access with root from many person
(person who manage some service application on host but must not access
this patient information)

thank you
On Sat, Aug 13, 2005 at 03:37:37AM +0000, wisan watcharinporn wrote:
> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not access
> this patient information)

If you're handling critical, confidential information then you should consult a security professional. No offense intended, but if you have to ask these kinds of questions then you aren't qualified to implement the solution.

Even if you encrypt the data so root can't read it, root could still corrupt or destroy it (intentionally or accidentally) with the privilege it wields. If the data is critical and confidential then only trustworthy persons should have access (remote or physical) to the system that stores it. A system that gives root access to "many persons" is a dangerous place to store such data.

For the sake of your patients' safety and privacy, please consult a security professional who knows what they're doing.

--
Michael Fuhr
> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not
> access this patient information)

The only way to be certain that system administrators cannot access patient data is to encrypt the data before storing it in the database.

The book that most directly describes this approach to application design is Peter Wayner's _Translucent Databases_; see also his web site...
<http://www.wayner.org/books/td/>

--
(reverse (concatenate 'string "moc.liamg" "@" "enworbbc"))
http://cbbrowne.com/info/
If we were meant to fly, we wouldn't keep losing our luggage.
There is no way to completely prevent those root to access the database, because root by the meaning is the person to totally control all of the activities in this server include the database. I suggest you to separate such an important database from those root by the hardware.

Amrit

> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not access
> this patient information)
>
> thank you
On Fri, 2005-08-12 at 22:37, wisan watcharinporn wrote:
> i have database with critical data (such patient information)
> how can i protect my database from root access
> because this host in company can access with root from many person
> (person who manage some service application on host but must not access this
> patient information)

Ever seen the T-shirt "Got root?" If you're root, you're god, pretty much, and get whatever you want.

If the data is encrypted before being passed to that server, then you've got some protection, but at a higher processing cost.

Generally, when I've worked on database machines, there is one system admin who can log into the machine, and one dba who has the ability to sudo to the postgresql superuser and keep the db happy. That limits the number of people to two. If your DB can keep a unix box happy, then let him own the whole thing and you've got minimum exposure.

Expecting to limit root's access once he's on the box is the exact backwards way to handle this. The way to restrict access is to restrict the people who can access the box and the levels of their accounts. If you're in an environment where more than 2 or 3 people need to know the root password, your environment is messed up.
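The replies above recommend encrypting data before it is passed to the database server, and point out that root can still corrupt what it cannot read. The following Go code is an added example, not part of the thread or of PostgreSQL: it encrypts one field on the application host with AES-256-GCM, so the database host stores only ciphertext and a change made there is detected when the value is read back. The names `Seal` and `Open`, the `patient:1` row id and the sample record are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal runs on the application host; rowID is bound as associated data.
func Seal(key []byte, rowID string, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// nonce || ciphertext || tag is all the database host ever stores.
	return gcm.Seal(nonce, nonce, plaintext, []byte(rowID)), nil
}

// Open returns an error if the stored value was modified or moved to another row.
func Open(key []byte, rowID string, stored []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(stored) < gcm.NonceSize() {
		return nil, errors.New("bad key or truncated value")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, stored[:n], stored[n:], []byte(rowID))
}

func main() {
	key := make([]byte, 32) // constructed demo key, generated at run time
	rand.Read(key)
	stored, _ := Seal(key, "patient:1", []byte("constructed sample record"))
	stored[len(stored)-1] ^= 1 // simulate a change made on the database host
	_, err := Open(key, "patient:1", stored)
	fmt.Println("after modification:", err)
}
```

The key has to be kept on a host that the database machine's administrators cannot log in to. Detection on read does not stop root from deleting or overwriting the stored rows.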