2

I need ensure the data safety (no unwanted reading or writing) in a software that will be running in the user machine (both application and database).

I know for sure that storing the DB credentials hardcoded isn't a good one, but in this scenario it seems I am running short of alternatives. If I can't avoid this, is there a way PostgreSQL will keep an access log safe from user modification?

What is the best approach to avoid user access to a database stored in its own machine?

Improve this question
5
  • 1
    Is there a reason they will be using a full version of Postgres on their local machine? It seems that if you need to protect access, an embedded database like H2 - where you can encrypt the datafile might be good. With a database server like postgres - if a user has root access on their machine, then they will be able to get into the db with some quick modifications to the PG_HBA.CONF file. Commented Sep 30, 2012 at 15:07
  • you wanna secure the data or the credentials? Commented Sep 30, 2012 at 18:21
  • @NeilMcGuigan The final goal is to protect the data, so the credentials hardcoded is a major problem. Commented Sep 30, 2012 at 21:52
  • @jcern H2 seems to be a good choice. Are there other similar and reliable for C++? Commented Sep 30, 2012 at 21:53
  • 1
    I am not that familiar with libraries for c++, but there are a bunch of embeddable databases that seem to offer support. Take a look at: en.wikipedia.org/wiki/Embedded_database - MySQL and ITTIA seem like they might work in that situation. Commented Sep 30, 2012 at 22:03

1 Answer 1

Reset to default
2

i'm pretty sure they can always gain access to the database on their own machine. even if they don't know the password, they can make themselves root and change it.

why don't you encrypt the data instead?

encrypt it with your public key. keep your public key on their machine.

send data to your own server. use your private key to decrypt it.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Nice one, but it's for an offline solution. I can't force the user enable internet connectivity in the environment where it will be running

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.