> An application using libpq would require that the private unencrypted key be > deployed to the end user, together with the public key and trust cert. This > would mean if the end user is curious enough and computer litterate, he can > bypass the client application and make a direct connection to the server with > psql for example. It's then possible to issue commands like TRUNCATE TABLE...
Sorry, I don't know anything about postgresql.key; but regardless of how you identify and authenticate you need to secure your database from rogue user actions. A user must have the TRUNCATE privilege to truncate a table or be the tables owner. OGo=> truncate table person; ERROR: must be owner of relation person -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
