But why do they need access to the files in the file system? Why not put them on the local box but don't give them permissions to edit the pg_hba file? They should still be able to connect.

On Feb 9, 2006, at 5:56 PM, Q Beukes wrote:

I did consider that, but the software we use (which again uses postgresql)
atm only supports local connection to the database.

I am the database admin, the other admins just manage stuff like user
accounts, checking logs, etc...

Unfortunately there is no other way to set it up, and like I mentioned
government security is not required.

I did however statically code the pg_hba.conf file into pg binaries.

The only way I found to access the db now would be to replace the binary and
possibly sniffing traffic. But we're not worried about that. They're not really
criminally minded people.

thx for everyone's help anyway ;>


korry wrote:

Why would you not simply set this up on a separate machine to which only the trusted admins had access? Most data centers I am familiar with use single purpose machines anyway. If someone is trusted as root on your box they can screw you no matter what you do. Pretending otherwise is just folly.



Agreed - that would be a much better (easier and more secure) solution where
practical.

                        -- Korry

---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

              http://www.postgresql.org/docs/faq




