c k  wrote:
 
> One of our customers found that a few of its employees are trying to
> change the data without having any proper rights. The simplest way
> is to get the control of the server and then change the mode of the
> authentication to trust and restart the server.
 
There's your problem right there.
 
I once had the great pleasure and honor of attending a luncheon where
Admiral Grace Hopper[1] spoke.  One of the topics she addressed was
security.  She emphasized that if someone has physical access to your
hardware, the game is over.  She asserted that if anyone in the room
gave her ten minutes alone with their computer, she could breach
security, and dared those in attendance to let her prove it.
(Nobody took her up on it.)
 
Without getting into gory details, I realize that there are
techniques which could make certain types of attack difficult even
with physical access, but there are some absolute security
deal-breakers.  If someone can log on to the OS running your database
as the root user, you had better trust that person, because they can
do pretty much anything.  Any sense that you're secure in the face of
an untrusted user with root access is purely illusionary.  What's to
stop them from creating a custom version of any software (including
PostgreSQL) which has a back-door access that lets them in?
 
It seems to me that you either need to look at providing your
software as a service, so that you retain control of the hardware, or
educate your customers on security principles.
 
-Kevin
 
[1] http://en.wikipedia.org/wiki/Grace_Hopper



-- 
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)