johnf <jfabiani(at)yolo(dot)com> writes:
> I have one remote user that wants to connect via DSL and a dynamic IP. I do
> NOT want to open the database to all internet IP's. Of course the fear is
> someone will attack and break the password for the remote user. What is the
> best way I can do this?
Limit the range of IPs as much as you can, and require the connection to
use SSL, and maybe insist on a client certificate.
regards, tom lane