Re: pg_hba.conf alternative
From | Andrew Dunstan |
---|---|
Subject | Re: pg_hba.conf alternative |
Date | |
Msg-id | 43EA0956.9010906@dunslane.net |
In reply to | Re: pg_hba.conf alternative (Q Beukes <pgsql-dev@list.za.net>) |
List | pgsql-hackers |
Q Beukes wrote:

>Well,
>
>I am not looking for 100% security. I know that full access is full access,
>and that even if you were to encrypt the system through Postgre the determined
>person WILL always be able to get it out if they have system level access.
>
>All I wanted to do was to prevent the basic SQL/Linux literate user from
>accessing the databases. At the moment it is very easy for them to access
>the data.
>
>I trust that they won't go as far as overwriting the system with custom
>compiled version, or copying the data and so forth. It's just that we would
>feel much better if we knew the data wasn't as open as it is now, with a
>simple pg restart it is all open?
>
>Can this only be done by maybe modifying the source to make pg_hba fields
>statically compiled into the executable?
>

Of course it would be possible to hardcode the values - it's a SMOC. But nobody round here is likely to do the work required, since nobody believes it's worth doing, I believe. This mechanism you object to is there for a reason: if you lock yourself out of the database you can recover from the error. The solution you are proposing is therefore a huge footgun.

And your user with basic linux/sql knowledge would still be able to see data fly by, for example, logging statements, or watching network traffic. How hard is it to run ethereal, after all, or tail a log file? There is even a module for ethereal that understands the postgres wire protocol.

You aren't asking for security - you are asking for the illusion of security, which many would argue is worse than no security at all.

cheers

andrew