| Lists: | pgsql-hackers |
|---|
| From: | "Tarun Sharma" <tarun(dot)sharma(at)newgen(dot)co(dot)in> |
|---|---|
| To: | <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Can we hide data from the superadmin |
| Date: | 2009-12-30 10:45:25 |
| Message-ID: | 016501ca893d$322a16f0$583ca8c0@newkmdomain.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
hi,
i assigned super user privelledge to a user by specifing entries in pg_hba.conf file as
host all newuser 127.1.1.1 md5
and the default postgres user is made access to only the default postgres databse and is no more the super user.
the problem is that this conf file is available to all and can be changed again.
can someone assist me with a solution to make this changes static.
thanks
happy new year:-)
----- Original Message -----
From: Tarun Sharma
To: pgsql-hackers(at)postgresql(dot)org
Sent: Tuesday, December 29, 2009 3:56 PM
Subject: Can we hide data from the superadmin
hi
when a superuser is logged in to the postgres server ,he has priveledge to access all the databases.
can we hide the structure of some of the databases from the superuser?
like if he gives command to open such a database the postgres may ask for access password again.
as in Oracle Database Vault, organizations can pro-actively safeguard application data stored in the Oracle database from being accessed by privileged database users
kindly assist me if there exists any solution for this problem.
thanks,
tarun sharma
Disclaimer :- This e-mail and any attachment may contain confidential, proprietary or legally privileged information. If you are not the original intended recipient and have erroneously received this message, you are prohibited from using, copying, altering or disclosing the content of this message. Please delete it immediately and notify the sender. Newgen Software Technologies Ltd (NSTL) accepts no responsibilities for loss or damage arising from the use of the information transmitted by this email including damages from virus and further acknowledges that no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of NSTL.
| From: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
|---|---|
| To: | Tarun Sharma <tarun(dot)sharma(at)newgen(dot)co(dot)in> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Can we hide data from the superadmin |
| Date: | 2009-12-30 14:57:44 |
| Message-ID: | 20091230145743.GD3662@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Lists: | pgsql-hackers |
Tarun Sharma wrote:
> hi,
>
> i assigned super user privelledge to a user by specifing entries in pg_hba.conf file as
>
> host all newuser 127.1.1.1 md5
>
> and the default postgres user is made access to only the default postgres databse and is no more the super user.
>
> the problem is that this conf file is available to all and can be changed again.
It is only available to all if all is somebody who has superuser access
to the operating system, which is something you should avoid.
If you don't trust your OS superuser, there's nothing you can do.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.