0

In PostgreSQL we can just change local md5 to trust in pg_hba.conf. then we can access all data in database using psql without need of password.So anyone can change this line who can access local machine.

So, Is there way to password protect our database even someone change pg_hba.conf to trust

( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )

Dhanushka Anuradha
  • 1
  • 1
  • You can't protect client-side data that way. No matter what you do, anything the client has access to will be available for your users. Encryption may be an option to achieve some of your goals, but that is far from straightforward to get right, and you will have to make compromises. – Gabor Lengyel Nov 11 '18 at 10:53

1 Answers1

0

As long as client has root/administrator acces on the computer you can't do much about pg_hba. You could make it read only but root can overyde anything. You could mount config file on read only file system but this is too complicated.

Solution can be only at database level(not OS or application): crypted data and triggers where you implement supplimentary security.

I don't think postresql is the answer for your requirement, maybe SQLite is the right one.

Victorqedu
  • 484
  • 4
  • 20