Re: pg_hba.conf alternative

But why do they need access to the files in the file system?  Why not  
put them on the local box but don't give them permissions to edit the  
pg_hba file?  They should still be able to connect.

On Feb 9, 2006, at 5:56 PM, Q Beukes wrote:

> I did consider that, but the software we use (which again uses  
> postgresql)
> atm only supports local connection to the database.
>
> I am the database admin, the other admins just manage stuff like user
> accounts,
> checking logs, etc...
>
> Unfortunately there is no other way to set it up, and like I mentioned
> government security is not required.
>
> I did however statically code the pg_hba.conf file into pg binaries.
>
> The only way I found to access the db now would be to replace the  
> binary
> and
> possibly sniffing traffic. But we're not worried about that. They  
> not really
> criminally minded people.
>
> thx for everyones help anyway ;>
>
>
> korry wrote:
>
>>> Why would you not simply set this up on a seperate machine to  
>>> which only
>>> the trusted admins had access? Most data centers I am familiar  
>>> with use
>>> single purpose machines anyway. If someone is trusted as root on  
>>> your
>>> box they can screw you no matter what you do. Pretending  
>>> otherwise is
>>> just folly.
>>>
>>>
>>
>> Agreed - that would be a much better (easier and more secure)  
>> solution where
>> practical.
>>
>>             -- Korry
>>
>> ---------------------------(end of  
>> broadcast)---------------------------
>> TIP 3: Have you checked our extensive FAQ?
>>
>>               http://www.postgresql.org/docs/faq
>>
>>
>>
>
>
> ---------------------------(end of  
> broadcast)---------------------------
> TIP 4: Have you searched our list archives?
>
>                http://archives.postgresql.org
>