开发者

Prevent delete/update for tables by even superadmin/dba?

开发者 https://www.devze.com 2023-01-27 17:33 出处:网络
There are some mission critical tables which i need to ensure never get deleted or edited. only possible action is to read from it and the dba can add more rows. That\'s it.
相关专题:databasepostgresql

There are some mission critical tables which i need to ensure never get deleted or edited. only possible action is to read from it and the dba can add more rows. That's it.

Now for added security i want to prevent even the dba from being able to delete/alter the records, so basically no one can ever delete or alter a record, no super admin also. These tables are critical for activity tracking of certain type of users who's data i need to p开发者_如何学运维reserve indefinitely and some are critical lookup tables. So a mixture of system locked values and user tracked values.

Idea is if someone wants to destroy the data they need to kill that database. Is there a way to do this?

No, not possible, the superuser is always in control of the database. You could REVOKE update and delete permissions, but a superuser can always GRANT these permissions to himself again.

There is no way you can prevent a superuser to do something. The only thing you can do is prevent ANY user from ACCIDENTALLY deleting or updating the records. This can be achieved by creating rule on update and on delete. 

CREATE [ OR REPLACE ] RULE name AS ON event  
    TO table [ WHERE condition ]  
    DO [ ALSO | INSTEAD ] { NOTHING | command | ( command ; command ... ) }

See this link for reference.

For MySQL, the following approach can be taken.

Once you have your application accounts in place, drop the superuser account (really, any account "WITH GRANT OPTION"). The system admin accounts should only have permission to stop and start the system, but not to read from your sensitive table.

Next, alter your table so that it uses the MEMORY engine. This means that the application administrator (not the DBA) will need to restore the contents whenever the database is restarted. It also means that the DBA cannot restart the database with the "skip-grants" option to gain access to the data - because the data will evaporate during the restart. (However, the system's root user can always dump the system memory and find your data in that.)

A better approach is to encrypt your data in the application with a key only known by the application administrator.

0

上一篇:

:下一篇

更多 问答 相关资讯:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

    关注公众号

    热门标签

    图文推荐

    Delphi - Custom drawing a message list

    Delphi - Custom drawing a message list
    C++ header-only include pattern

    C++ header-only include pattern
    IE7 Margin Collapses Into Padding

    IE7 Margin Collapses Into Padding
    in CoffeeScript, how can I use a variable as a key in a hash?

    in CoffeeScript, how can I use a variable as a key in a hash?
    Interactive visualization of a graph in python [closed]

    Interactive visualization of a graph in python [closed]
    How to customise PHP MYSQL tables?

    How to customise PHP MYSQL tables?
    High quality, simple random password generator

    High quality, simple random password generator
    Image Recognition ApI in android

    Image Recognition ApI in android

    开发者开发者网给大家分享系统运维,大数据运维,云计算,编程开发技巧,路由交换,运维和开发相关的资讯及技术文章,同时StackOverflow中文社区,知识经验交流分享。

    法律声明:本站内容均为网友上传,网站举办方负责审核和监督,如存在版权或非法内容,欢迎举报,我们将尽快予以删除。邮箱:devze@qq.com

    Copyright © 2018-2020 开发者. All rights reserved. Powered by 开发者ICP备案号: 京ICP备10032868号-9