Re: Securing Postgres
From | L van der Walt |
---|---|
Subject | Re: Securing Postgres |
Date | |
Msg-id | 4343E532.4020106@lani.co.za |
In response to | Re: Securing Postgres (Berend Tober <btober@seaworthysys.com>) |
Responses | Re: Securing Postgres; Re: Securing Postgres; Re: Securing Postgres |
List | pgsql-general |
Berend Tober wrote:

> L van der Walt wrote:
>
>> I would like to secure Postgres completely.
>>
>> Some issues that I don't know how to fix:
>> 1. User postgres can use psql (...) to do anything.
>> 2. User root can su to postgres and thus do anything.
>> 3. Disable all tools like pg_dump
>>
>> How do I secure a database if I don't trust the administrators?
>> The administrator will not break the db but they may not view
>> any information in the database.
>
> It may be just me and my silly old-fashioned attitudes, but I kind of
> think that if your sys admin(s) cannot be trusted, you are pretty much
> screwed. And your hiring process needs fixing.
>
> But being that as it may, maintaining physical security, i.e., keeping
> the host server in a locked room with restricted and recorded access
> and that requires at least two persons present so that collusion is
> required for tampering, disabling remote root login, granting limited
> sys admin privileges with sudo (which records the sudoer activities,
> for auditing purposes) might be a way to accomplish what you are
> looking for.

Then, I might as well just leave the whole PostgreSQL DB and write my own mini DB with encrypted XML files. I am sure someone must have an answer for me.