PostgreSQL security local (pg_hba.conf )
up vote
0
down vote
favorite
In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
postgresql security local pg-hba.conf
asked Nov 11 at 9:31
Dhanushka Anuradha
11
add a comment |
up vote
0
down vote
favorite
In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
postgresql security local pg-hba.conf
asked Nov 11 at 9:31
Dhanushka Anuradha
11
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
postgresql security local pg-hba.conf
asked Nov 11 at 9:31
Dhanushka Anuradha
11
In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.
So, Is there way to password protect our database even someone change pg_hba.conf to trust
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
postgresql security local pg-hba.conf
postgresql security local pg-hba.conf
asked Nov 11 at 9:31
Dhanushka Anuradha
11
asked Nov 11 at 9:31
Dhanushka Anuradha
11
asked Nov 11 at 9:31
Dhanushka Anuradha
11
asked Nov 11 at 9:31
Dhanushka Anuradha
11
asked Nov 11 at 9:31
Dhanushka Anuradha
11
11
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53
add a comment |
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
answered Nov 11 at 11:19
Victorqedu
1277
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
answered Nov 11 at 11:19
Victorqedu
1277
add a comment |
up vote
0
down vote
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
answered Nov 11 at 11:19
Victorqedu
1277
add a comment |
up vote
0
down vote
up vote
0
down vote
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
answered Nov 11 at 11:19
Victorqedu
1277
As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.
Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.
I don't think postresql is the answer for your requirement, maybe SQLite is the right one.
answered Nov 11 at 11:19
Victorqedu
1277
answered Nov 11 at 11:19
Victorqedu
1277
answered Nov 11 at 11:19
Victorqedu
1277
answered Nov 11 at 11:19
Victorqedu
1277
1277
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53247416%2fpostgresql-security-local-pg-hba-conf%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises.
– Gabor Lengyel
Nov 11 at 10:53