am Mon, dem 22.01.2007, um 16:10:15 +0200 mailte Sim Zacks folgendes: > How good is postgresql security? > For example, If I have data that I do not anyone to see, including the > programmer/dba, is it enough to change the password to the only user? > If they have access to the raw files is there a way for them to somehow see > the data? > can they copy the files to another postgresql instance where they have > rights and view the data?
I think, anyone with read access to the database files can read the information stored in this files. This isn't a postgresql-problem, this is a general problem. > > Basically, we have a requirement to put sensitive personnel information > into the database, including salary etc. and we don't want any employees, > including the dba to have a possibility of accessing it. Store the sensitive data encrypted, and use SSL or other encrypted communication between server and client. Andreas -- Andreas Kretschmer Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header) GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net ---------------------------(end of broadcast)--------------------------- TIP 1: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
