Re: Is there any such thing as PostgreSQL security on a hosted website? - Mailing list pgsql-general

From Tom Lane
Subject Re: Is there any such thing as PostgreSQL security on a hosted website?
Date
Msg-id 20612.1027952453@sss.pgh.pa.us
In response to Is there any such thing as PostgreSQL security on a hosted website?  ("Scott Gammans" <nospam_deepgloat@yahoo.com>)
List pgsql-general
"Scott Gammans" <nospam_deepgloat@yahoo.com> writes:
> What is to stop a company that is hosting my
> PostgreSQL-enabled website from changing my
> pg_hba.conf file to "TRUST" so that they can go in and
> snoop around my online PostgreSQL databases?

If they have root on the machine running your DBMS, then only their own
integrity stops them from snooping all they want.  There is NOTHING that
Postgres can possibly do to defend itself against a root user.  "TRUST"
is the least of your worries --- they can always just examine the
physical files holding the database.

            regards, tom lane
