Jim, Yes, you are right. Generally the security control here is encryption of data at rest (TDE), but PostgreSQL doesn't support it, to my knowledge. I know about that vulnerability, but here I posed the question on different one. I agree it is smaller one, compare to the absence of TDE, but I would like to find out if this gates are opened too or not.
Thanks, Oleg On Tue, Dec 22, 2015 at 8:48 PM, Jim Nasby <jim.na...@bluetreble.com> wrote: > On 12/22/15 6:03 PM, oleg yusim wrote: > >> Absolutely. But we are not talking about that type of data leakage here. >> We are talking about potential situation when user, who doesn't have >> access to database, but has (or gained) access to the Linux box DB is >> installed one and gets his hands on data, database processes stored in >> memory (memory would be a common resource here). >> > > Of far larger concern at that point is unauthorized access to the database > files. > > Basically, if someone gains access to the OS user that Postgres is running > as, or to root, it's game-over. > -- > Jim Nasby, Data Architect, Blue Treble Consulting, Austin TX > Experts in Analytics, Data Architecture and PostgreSQL > Data in Trouble? Get it in Treble! http://BlueTreble.com >
