| From: | Martijn van Oosterhout <kleptog(at)svana(dot)org> |
|---|---|
| To: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: security question |
| Date: | 2007-01-22 15:33:39 |
| Message-ID: | 20070122153339.GB29762@svana.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Jan 22, 2007 at 08:30:53AM -0600, Ron Johnson wrote:
> > The answer depends heavily on what the "programmer/dba" can do.
> >
> > Any superuser of the DB can see any data
> > Any user that can access the raw files can see any data
> > Any user that can poke into memory can see any data
> > Any user that can access the backups can see any data there
> >
> > So in theory, if you restrict the programmer appropriately you could do
> > it, but you have to check they can still do their job.
>
> Anyone tried running PG with restrictive SELinux policies?
I beleive redhat does this by default, if you have SELinux enabled.
Suitably restricted, it should mean the dba/programmer won't be able to
get at the data except via the database.
I don't know of anyone that's actually done this.
Have a nice day,
--
Martijn van Oosterhout <kleptog(at)svana(dot)org> http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2007-01-22 15:36:20 | Re: CAST function for user defined type |
| Previous Message | Bruce Momjian | 2007-01-22 15:30:09 | Re: [HACKERS] Autovacuum Improvements |