From: | Geoffrey <esoteric(at)3times25(dot)net> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Making the DB secure |
Date: | 2005-06-17 19:54:28 |
Message-ID: | 42B32A74.9070600@3times25.net |
Lists: | pgsql-general |
Együd Csaba wrote:
> Hi,
> we plan to make available our database from the internet (direct tcp/ip
> based connections). We want to make it as secure as possible. There are a
> few users who could access the database, but we want to block any other
> users from accessing it.
>
> Our plans are:
> - using encrypted (ssl) connections - since sensitive (medical) personal
> information is stored.
> (How to setup this? What do we need on server side, and what on client
> side?)
> - using pg_hba.conf to configure authentication method and IP filters
> - forcing our users to change their passwords frequently
> - applying strong password policy (long pw, containing upper/lowercase
> characters and numbers)
>
> Could anybody suggest some more valuable features in postgres to
> improve the security?
> Regarding SSL, I'd like to know how to use it correctly. What do we have to do
> on the server to accept ssl connections, and what kind of client software
> is required?

It sounds to me like you plan to put the database server on the
internet. I hope not. It should at the very least be in a DMZ:

    database server <-> web server <-> firewall <-> internet

--
Until later, Geoffrey
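
An added example, not part of the thread and not PostgreSQL's own tooling: a small Python audit that checks a pg_hba.conf against the plan in the quoted question (SSL-only remote access, narrow IP filters, password-based authentication). The sample file, its database and user names, the function name `audit_hba`, and the 256-address width limit are constructed assumptions.

```python
import ipaddress

# Constructed sample pg_hba.conf; addresses are documentation ranges, not from the thread.
SAMPLE_HBA = """\
# TYPE    DATABASE  USER     ADDRESS          METHOD
local     all       postgres                  peer
host      all       all      0.0.0.0/0        md5
hostssl   medical   clinic   203.0.113.0/28   scram-sha-256
hostssl   medical   clinic   198.51.100.7/32  trust
hostnossl medical   report   203.0.113.5/32   md5
"""

# trust: no credential; password: cleartext secret; ident: trusts the client host.
WEAK_METHODS = {"trust", "password", "ident"}
MAX_ADDRESSES = 256  # assumed policy: no remote rule wider than a /24


def audit_hba(text):
    """Return (line_number, problem) pairs for remote rules that break the plan."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] == "local":
            continue  # blanks, comments and Unix-socket rules are not remote access
        if fields[0] not in ("host", "hostssl", "hostnossl") or len(fields) < 5:
            findings.append((lineno, "unrecognised rule, review by hand"))
            continue
        conn_type, address, method = fields[0], fields[3], fields[4]
        if "/" not in address and len(fields) > 5 and fields[4][0].isdigit():
            # "IP-address IP-mask" form: join the pair, the method is one field later.
            address, method = f"{address}/{fields[4]}", fields[5]
        if conn_type != "hostssl":
            findings.append((lineno, f"{conn_type} rule admits unencrypted connections"))
        if method in WEAK_METHODS:
            findings.append((lineno, f"method '{method}' is weak for remote access"))
        try:
            net = ipaddress.ip_network(address, strict=False)
            if net.num_addresses > MAX_ADDRESSES:
                findings.append((lineno, f"{net} is wider than the allowed client range"))
        except ValueError:
            findings.append((lineno, f"address '{address}' is not a fixed IP range"))
    return findings


if __name__ == "__main__":
    for lineno, problem in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: {problem}")
```
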