On Thu, Oct 06, 2005 at 11:57:32AM +0200, Martijn van Oosterhout wrote:
> This is the bit that's been bugging me this whole thread. Who owns the
> data? I've had to help people out with programs where they could type
> data in but couldn't get the reports they wanted out. Furtunatly,
> Access's acc
On Wed, Oct 05, 2005 at 06:19:39PM -0700, Uwe C. Schroeder wrote:
> If any of my customers would ask me if they should buy a system where they
> can't access THEIR data in any other way than using the software that comes
> with the deal I'd tell them to back off. Most customers on the planet are
On Wednesday 05 October 2005 07:37, L van der Walt wrote:
> Berend Tober wrote:
> > L van der Walt wrote:
> >> I would like to secure Postgres completly.
> >>
> >> Some issues that I don't know you to fix:
> >> 1. User postgres can use psql (...) to do anything.
> >> 2. User root can su to postgr
On Wed, Oct 05, 2005 at 04:48:33PM +0200, L van der Walt wrote:
> The big problem is that the administrators works for the client and not
> for me. I don't want the client to reverse engineer my database.
You don't need a technical solution; you need a legal one. Anyone with
physical access to
Tom Lane wrote:
L van der Walt <[EMAIL PROTECTED]> writes:
...I can use encryption to protect the data.
If you think encryption will protect you against someone with root
privileges, you're sadly mistaken. ...
All the same points hold for SQL Server of course --- the fact that you
w
Also sprach Stefan 'Kaishakunin' Schumacher ([EMAIL PROTECTED])
> Also sprach L van der Walt ([EMAIL PROTECTED])
> > The big problem is that the administrators works for the client and not
> > for me. I don't want the client to reverse engineer my database.
>
> [...]
>
> > About the raw databa
On Wed, Oct 05, 2005 at 05:27:22PM +0200, L van der Walt wrote:
> I have played now with MySQL and with MySQL you can change the password
> for root in MySQL (same as postgres in PostgreSQL). If you use the
> command line tools like dump you require the password. Just because
> your root doesn
L van der Walt wrote:
Richard Huxton wrote:
L van der Walt wrote:
The big problem is that the administrators works for the client and
not for me. I don't want the client to reverse engineer my database.
There might be other applications on the server so the administrators
do require root ac
On Wed, 2005-10-05 at 09:37, L van der Walt wrote:
> Berend Tober wrote:
>
> > L van der Walt wrote:
> >
> >> I would like to secure Postgres completly.
> >>
> >> Some issues that I don't know you to fix:
> >> 1. User postgres can use psql (...) to do anything.
> >> 2. User root can su to postgr
>No I can not trust the clients administrators.
>I have played now with MySQL and with MySQL you can change the password
>for root in MySQL (same as postgres in PostgreSQL). If you use the
>command line tools like dump you require the password. Just because
>your root doesn't mean your root i
[EMAIL PROTECTED] wrote:
>You could look at what SELinux extensions now available in at least the Red
>Hat (and Fedora) distro offer. I have never done anything with SELinux,
>and a quick review of the archives indicates it is not a slam dunk to use.
>It is designed to create the kind of restricti
tgresql.org
Sent by: cc:
Subject: Re: [GENERAL]
Securi
On Wed, 2005-10-05 at 10:27, L van der Walt wrote:
> Richard Huxton wrote:
>
> > L van der Walt wrote:
> >
> >> The big problem is that the administrators works for the client and
> >> not for me. I don't want the client to reverse engineer my database.
> >> There might be other applications on
On Wed, Oct 05, 2005 at 04:37:38PM +0200, L van der Walt wrote:
> Then, I might as well just leave the whole PostgreSQL DB and write my
> own mini DB with encrypted XML files. I am sure someone must have an
> answer for me.
I think you are missing the point. Root is all powerful, end of story.
Uh. Unless you've done something more than what you say, a windows
administrator can definitely access the data. Maybe most windows
"administrators" don't know how to do it, but it is possible.
I've viewed and changed data on a database on Windows without the database
administrator username an
Richard Huxton wrote:
L van der Walt wrote:
The big problem is that the administrators works for the client and
not for me. I don't want the client to reverse engineer my database.
There might be other applications on the server so the administrators
do require root access.
About the raw d
L van der Walt <[EMAIL PROTECTED]> writes:
> The big problem is that the administrators works for the client and not
> for me. I don't want the client to reverse engineer my database.
> There might be other applications on the server so the administrators do
> require root access.
> About the r
Also sprach L van der Walt ([EMAIL PROTECTED])
> The big problem is that the administrators works for the client and not
> for me. I don't want the client to reverse engineer my database.
[...]
> About the raw database files, I can use encryption to protect the data.
How shall the DBMS acces
At 04:48 PM 10/5/2005 +0200, L van der Walt wrote:
The big problem is that the administrators works for the client and not
for me. I don't want the client to reverse engineer my database.
There might be other applications on the server so the administrators do
require root access.
If it's so
L van der Walt wrote:
>Then, I might as well just leave the whole PostgreSQL DB and write my
>own mini DB with encrypted XML files. I am sure someone must have an
>answer for me.
i think the answer is that windows is giving you a false sense of
security.
in an environment where you cannot tr
If you don't trust the administrators you should find someone else to admin
your machine.
Main question: what do you need the administrators to do for you? If you
only need them to do a few things, then it is much easier to limit their
access.
Because, on most popular systems (e.g. C2-level
L van der Walt writes:
>The big problem is that the administrators works for the client and not
>for me. I don't want the client to reverse engineer my database.
i think you're trying to get native OS security to perform the function
of a well crafted legal document.
richard
-
You could look at what SELinux extensions now available in at least the Red
Hat (and Fedora) distro offer. I have never done anything with SELinux,
and a quick review of the archives indicates it is not a slam dunk to use.
It is designed to create the kind of restrictive environment you describe.
L van der Walt wrote:
The big problem is that the administrators works for the client and not
for me. I don't want the client to reverse engineer my database.
There might be other applications on the server so the administrators do
require root access.
About the raw database files, I can use
The big problem is that the administrators works for the client and not
for me. I don't want the client to reverse engineer my database.
There might be other applications on the server so the administrators do
require root access.
About the raw database files, I can use encryption to protec
Don't forget to CC: the list!
L van der Walt wrote:
Example: On a MS Windows Server with MS SQL Server. The administrator
with the administrator username and password can not access the SQL
server data. He also needs the SA username and password for the SQL
server to do so. He can stop an
Berend Tober wrote:
L van der Walt wrote:
I would like to secure Postgres completly.
Some issues that I don't know you to fix:
1. User postgres can use psql (...) to do anything.
2. User root can su to postgres and thus do anything.
3. Disable all tools like pg_dump
How do I secure a datab
L van der Walt wrote:
I would like to secure Postgres completly.
Some issues that I don't know you to fix:
1. User postgres can use psql (...) to do anything.
2. User root can su to postgres and thus do anything.
3. Disable all tools like pg_dump
How do I secure a database if I don't trust t
L van der Walt wrote:
I would like to secure Postgres completly.
Some issues that I don't know you to fix:
1. User postgres can use psql (...) to do anything.
Prevent anyone from logging in as user postgres.
Remove psql.
2. User root can su to postgres and thus do anything.
That's the ro
29 matches
Mail list logo
