Re: pg_hba.conf alternative
From | Tino Wildenhain |
---|---|
Subject | Re: pg_hba.conf alternative |
Date | |
Msg-id | 43EA098C.3010303@wildenhain.de |
In reply to | Re: pg_hba.conf alternative (Q Beukes <pgsql-dev@list.za.net>) |
Replies | Re: pg_hba.conf alternative |
List | pgsql-hackers |
Q Beukes wrote:
> Well,
>
> I am not looking for 100% security. I know that full access is full access,
> and that even if you were to encrypt the system through Postgre the determined
> person WILL always be able to get it out if they have system level access.
>
> All I wanted to do was to prevent the basic SQL/Linux literate user from
> accessing the databases. At the moment it is very easy for them to access the data.
>
> I trust that they won't go as far as overwriting the system with a custom
> compiled version, or copying the data and so forth. It's just that we would feel
> much better if we knew the data wasn't as open as it is now, with a simple pg
> restart it is all open?
>
> Can this only be done by maybe modifying the source to make pg_hba
> fields statically compiled into the executable?

Instead, you might want to read about SELinux. You can protect files even from root (unless they reboot ;) but really you should only have trusted people with admin accounts. How come you have somebody untrusted as admin?

Regards
Tino