How to secure PostgreSQL Data for distribute?
Dear All,
I need to distribute my application that use PostgreSQL as database to my customer. But I still have some questions in my mind on database security. I understand that everybody who get my application database will be have a full control permission on my database in case that PostgreSQL already installed on their computer and they are an administrator on PostgreSQL. So that mean data, structure and any ideas contain in database will does not secure on this point. Is my understanding correct?
What is the good way to make it all secure? Please advise.
Premsun,
I need to distribute my application that use PostgreSQL as database to
my customer. But I still have some questions in my mind on database
security. I understand that everybody who get my application database will
be have a full control permission on my database in case that PostgreSQL
already installed on their computer and they are an administrator on
PostgreSQL. So that mean data, structure and any ideas contain in database
will does not secure on this point. Is my understanding correct?What is the good way to make it all secure? Please advise.
I think you have a different definition of "security" from most of us. There
are techniques you could use that would prevent your customer from having
easy direct access to the database on his machine -- but they would also
prevent him from making backups or recovering from a computer problem.
They'd also require a lot of work on your part.
Overall, if your goal is to prevent your customer from having control of their
own data, I don't think an open-source database is the best choice for
you. ;-b
--
Josh Berkus
Aglio Database Solutions
San Francisco
Am Donnerstag, den 18.08.2005, 09:56 +0700 schrieb Premsun
Choltanwanich:
Dear All,
I need to distribute my application that use PostgreSQL as
database to my customer. But I still have some questions in my mind on
database security. I understand that everybody who get my application
database will be have a full control permission on my database in case
that PostgreSQL already installed on their computer and they are an
administrator on PostgreSQL. So that mean data, structure and any
ideas contain in database will does not secure on this point. Is my
understanding correct?What is the good way to make it all secure? Please advise.
Postgres is secure as it garanties your data integrity (as long
as the underlying os plays well). It is also secure in a way
to protect unauthorized access from 3rd party users if the
DBA doesnt want it. (Usuall account and access).
However, if you deliver software to a customer, the software
is the product and the customer can technically do whatever
she wants with it.
Your copyright on the application protects you legally from
someone using exactly your table layout etc. in another application
to sell to another customer (provided the model isnt too simple
or so state of the art that anybody must trivially come to the
same solution)
All the other ideas of IP (intellectual property) seem very
silly when you talk software. Personally I've yet to see
a model worth any thoughts about 'protecting' or obfuscating
it. (That means, something not any talented database designer
can create, faced with the same problem)