Local authentication/security

Started by Lange Marcus, over 18 years ago, 8 messages, general
#1Lange Marcus
marcus.lange@saabgroup.com

Hello,

I would like to be able to restrict the access to a database so that
only a specific program running on the same machine can access it. Is
this possible? So I would like to have some kind of secure
authentication (or something) between the database and the program, and
the user running the program should not be able to get access to the
database through any other way than this specific program.

Any help would be most valuable!
Regards Marcus

#2Richard Huxton
dev@archonet.com
In reply to: Lange Marcus (#1)
Re: Local authentication/security

Lange Marcus wrote:

Hi,

I guess the answer to the 2 questions would be, yes the user will
probably have physical access to the machine, but will not have
superuser access. The OS is, at least for now, Windows.

I have been looking and searching manuals and so on for different
methods but I still haven't figured out how or if it is possible. To
be more specific about what I really want: I have an application that
will insert some data into a database and while this data is in the
database I don't want it to be possible to copy it or in any other way
get access to it, except through that application that inserted it.
It would be acceptable if, and maybe even preferably when the program
exits, that the database is deleted (so that it is only stored in
memory while using it). But if there is a way to build up a database
that is protected when stored on disc that would also be acceptable.

If the user has physical access to the machine then there's nothing you
can do to stop someone who is (a) determined and (b) knowledgeable.

If you want to stop casual access though:
1. Make sure PostgreSQL + its files aren't accessible to normal users.
2. Make sure application will only run as user X
3. Set up a pgpass.conf file only accessible by user X
4. Lock down BIOS etc. to prevent someone booting from a CD-ROM or USB
stick.

http://www.postgresql.org/docs/8.2/static/libpq-pgpass.html

That should cope with someone who doesn't know what they're doing. If
you're worried about them removing the hard-disk then you'll need to set
up an encrypted filesystem and figure out a way to get a password
entered on reboot.

--
Richard Huxton
Archonet Ltd
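
An added example for step 3 of the list above (not part of the original post): a small audit of a password file in the `hostname:port:database:username:password` format. The function names and the sample entry are constructed for illustration; the mode check uses POSIX permission bits, so on Windows the file's ACL has to be checked separately.

```python
import os
import stat
import tempfile


def split_pgpass_line(line):
    """Split an entry on unescaped ':'; a backslash escapes the next character."""
    fields, cur, i = [], [], 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # keep the escaped ':' or '\' literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def audit_pgpass(path):
    """Return findings for a password file, using POSIX mode bits."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %04o allows group/other access" % mode)
    with open(path, encoding="utf-8") as fh:
        for n, raw in enumerate(fh, 1):
            line = raw.rstrip("\r\n")
            if not line or line.startswith("#"):
                continue
            fields = split_pgpass_line(line)
            if len(fields) != 5:
                findings.append("line %d: expected 5 fields, got %d" % (n, len(fields)))
            elif "*" in fields[2:4]:
                findings.append("line %d: wildcard database or user" % n)
    return findings


if __name__ == "__main__":
    # Constructed sample: one entry whose password contains an escaped ':'.
    path = os.path.join(tempfile.mkdtemp(), "pgpass.conf")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("localhost:5432:appdb:appuser:s3\\:cret\n")
    os.chmod(path, 0o644)
    print(audit_pgpass(path))
```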

#3Peter Eisentraut
peter_e@gmx.net
In reply to: Lange Marcus (#1)
Re: Local authentication/security

Lange Marcus wrote:

I would like to be able to restrict the access to a database so that
only a specific program running on the same machine can access it,

In postgresql.conf, set

unix_socket_permissions = 0770   # leading 0 so the value is read as octal
unix_socket_group = postgres

and make your program setgid postgres. Or some variant of this
involving those parameters.

--
Peter Eisentraut
http://developer.postgresql.org/~petere/
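
An added example for the two parameters above (not part of the original post): PostgreSQL reads `unix_socket_permissions` as octal only when the value starts with 0, so this check computes the mode the server would actually apply and flags socket settings that let more than the intended group connect. The function names and both sample configurations are constructed for illustration.

```python
import re


def pg_int(value):
    """Integer as postgresql.conf reads it: leading 0 means octal, else decimal."""
    v = value.strip().strip("'")
    return int(v, 8) if len(v) > 1 and v.startswith("0") else int(v, 10)


def audit_socket_settings(conf_text):
    """Return (effective_mode, findings) for the Unix-socket access settings."""
    settings = {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"(\w+)\s*(?:=|\s)\s*(.+)$", line)
        if m:
            settings[m.group(1).lower()] = m.group(2).strip()

    raw_mode = settings.get("unix_socket_permissions", "0777")  # server default
    mode = pg_int(raw_mode)
    group = settings.get("unix_socket_group", "").strip("'")
    findings = []
    if not raw_mode.strip("'").startswith("0"):
        findings.append("%s has no leading zero: read as decimal, mode %04o"
                        % (raw_mode, mode))
    if mode & 0o002:  # for a Unix socket only the write bit controls connecting
        findings.append("any local user can connect to the socket")
    if mode & 0o020 and not group:
        findings.append("group access granted but unix_socket_group is unset")
    return mode, findings


# Constructed samples: the same intent written without and with the leading zero.
DECIMAL = "unix_socket_permissions = 770\nunix_socket_group = postgres\n"
OCTAL = "unix_socket_permissions = 0770\nunix_socket_group = postgres\n"

if __name__ == "__main__":
    for conf in (DECIMAL, OCTAL):
        mode, findings = audit_socket_settings(conf)
        print("%04o" % mode, findings)
```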

#4Lange Marcus
marcus.lange@saabgroup.com
In reply to: Richard Huxton (#2)
Re: Local authentication/security

Ok. But apart from the risk with having the physical access to the computer, would it be a reasonably safe solution to limit the access with a password then? So that, assuming a user does not have the possibility to get any kind of root access, there is no way to read or copy the database unless you login as the correct user? And if only the program knows the password, then the user running the program will not be able to access the database, except through the program?

Is there a way to assure that the database does not get stored on disk? If my program, every time it starts, would create or build up the database could this database be kept in RAM? Or does postgres automatically create a database file or something? Do you understand what I mean?

Another question, are md5 passwords supported under Windows?

Regards,
Marcus

-----Original Message-----
From: Richard Huxton [mailto:dev@archonet.com]
Sent: 23 August 2007 16:02
To: Lange Marcus; PG-General Mailing List
Subject: Re: [GENERAL] Local authentication/security

Lange Marcus wrote:

Hi,

I guess the answer to the 2 questions would be, yes the user will
probably have physical access to the machine, but will not have
superuser access. The OS is, at least for now, Windows.

I have been looking and searching manuals and so on for different
methods but I still haven't figured out how or if it is possible. To
be more specific about what I really want: I have an application that
will insert some data into a database and while this data is in the
database I don't want it to be possible to copy it or in any other way
get access to it, except through that application that inserted it.
It would be acceptable if, and maybe even preferably when the program
exits, that the database is deleted (so that it is only stored in
memory while using it). But if there is a way to build up a database
that is protected when stored on disc that would also be acceptable.

If the user has physical access to the machine then there's nothing you can do to stop someone who is (a) determined and (b) knowledgeable.

If you want to stop casual access though:
1. Make sure PostgreSQL + its files aren't accessible to normal users.
2. Make sure application will only run as user X
3. Set up a pgpass.conf file only accessible by user X
4. Lock down BIOS etc. to prevent someone booting from a CD-ROM or USB stick.

http://www.postgresql.org/docs/8.2/static/libpq-pgpass.html

That should cope with someone who doesn't know what they're doing. If you're worried about them removing the hard-disk then you'll need to set up an encrypted filesystem and figure out a way to get a password entered on reboot.

--
Richard Huxton
Archonet Ltd

#5Richard Huxton
dev@archonet.com
In reply to: Lange Marcus (#4)
Re: Local authentication/security

Lange Marcus wrote:

Ok. But apart from the risk with having the physical access to the
computer, would it be a reasonably safe solution to limit the access
with a password then? So that, assuming a user does not have the
possibility to get any kind of root access, there is no way to read
or copy the database unless you login as the correct user? And if
only the program knows the password, then the user running the
program will not be able to access the database, except through the
program?

Make sure that only the postgres user can read/write the database files.
Make sure that only the application has a password to access the database.
Make sure that there aren't any tools that let you trap
system-calls/dump memory as an unprivileged user.

Is there a way to assure that the database does not get stored on
disk? If my program, every time it starts, would create or build up
the database could this database be kept in RAM? Or does postgres
automatically create a database file or something? Do you understand
what I mean?

You could create a ramdisk, then create the database on that. Of course,
if you lose power then you lose your data. Check the manuals for details
on "tablespaces" for how to have some DB objects in a different location.

Another question, are md5 passwords supported under Windows?

Any reason why they shouldn't be?

Not that it matters in your case. The password might as well be
"password" - if they get access to the files/application, it's game over.

--
Richard Huxton
Archonet Ltd

#6Lange Marcus
marcus.lange@saabgroup.com
In reply to: Richard Huxton (#5)
Re: Local authentication/security

Is there a way to assure that the database does not get stored on
disk? If my program, every time it starts, would create or build up the
database could this database be kept in RAM? Or does postgres
automatically create a database file or something? Do you understand
what I mean?

You could create a ramdisk, then create the database on that.
Of course, if you lose power then you lose your data. Check
the manuals for details on "tablespaces" for how to have some
DB objects in a different location.

Another question, are md5 passwords supported under Windows?

Any reason why they shouldn't be?

Not that it matters in your case. The password might as well
be "password" - if they get access to the files/application,
it's game over.

What about having some of the columns encrypted in the database?
Will that improve things a bit?
Regards Marcus

#7Richard Huxton
dev@archonet.com
In reply to: Lange Marcus (#6)
Re: Local authentication/security

Lange Marcus wrote:

Not that it matters in your case. The password might as well
be "password" - if they get access to the files/application,
it's game over.

What about having some of the columns encrypted in the database?
Will that improve things a bit?

Not unless you can keep the key protected. If you prevent access to a
file containing the key then you can do the same to the database and
application files.

Can you tell us what you're trying to do? What are you going to deploy,
and what threats do you want to protect against?

--
Richard Huxton
Archonet Ltd

#8Lange Marcus
marcus.lange@saabgroup.com
In reply to: Richard Huxton (#7)
Re: Local authentication/security

Lange Marcus wrote:

Not that it matters in your case. The password might as well be
"password" - if they get access to the files/application, it's game
over.

What about having some of the columns encrypted in the database?
Will that improve things a bit?

Not unless you can keep the key protected. If you prevent
access to a file containing the key then you can do the same
to the database and application files.

Can you tell us what you're trying to do? What are you going
to deploy, and what threats do you want to protect against?

I have some data in an encrypted external data format that I wish to
insert into the database and keep some level of protection/security
and prevent/complicate the possibility to read and copy the data, that
is basically it.

Regards Marcus