On Tue, 2002-10-22 at 12:12, Igor Georgiev wrote: > > > edit *pg_hba.conf * > > > # Allow any user on the local system to connect to any > > > # database under any username, but only via an IP connection: > > > host all 127.0.0.1 255.255.255.255 trust > > > # The same, over Unix-socket connections: > > > local all trust > > what about reading pg_hba.conf comments? > > local all md5 > > > > Ok, but my question actually isn't about pg_hba.conf comments, i read enough > but what will stop root from adding this lines or doing su - postgres ??
Next your going to ask what will stop root from stopping your PostgreSQL, compiling a second copy with authentication disabled and using your data directory as it's source :) If you want to prevent root from accomplishing these things, you're going to have to look to your kernel for help. The kernel must prevent root from changing users, starting / stopping applications, or touching certain filesystems. PostgreSQL will let you put a password on the data. But that only works if they actually try to use PostgreSQL to get at the data. There are a couple of tools which were designed to recover database data while the db is not running. -- Rod Taylor ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
