| From: | paul rivers <rivers(dot)paul(at)gmail(dot)com> |
|---|---|
| To: | Collin <adderd(at)kkmfg(dot)com> |
| Cc: | Jorge Godoy <jgodoy(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org, rod(at)iol(dot)ie, dfx(at)dfx(dot)it |
| Subject: | Re: Connect to postgres from a dynamic IP |
| Date: | 2008-03-03 16:40:42 |
| Message-ID: | 47CC2A0A.2030106@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Collin wrote:
>
>>>
>>> But make it "hostssl" instead of "host", to require some
>>> cryptography in the channel used, specially to authenticate the
>>> connection.
>>>
>>> Opening your access to everyone without crypto sounds like something
>>> you don't want to do. Specially if users can change their own
>>> passwords...
>>
>> My understanding is no password is sent in the clear with md5 per:
>>
>> http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD
>>
>>
>>
>> Paul
>>
> However, it depends on the sort of data you are accessing. Sending a
> MD5 password is all well and good but if your data consists of credit
> card info or trade secrets then you'll want that encrypted too.
>
Yes true, if your data is sensitive, go with SSL.
On the other hand, if you're sending credit card data around, you must
comply with the PCI audit regulation, in which case there is exactly
0.0% chance you're putting your database port on a public network.
Regards,
Paul
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bruce Momjian | 2008-03-03 17:18:15 | Re: partitioning using dblink |
| Previous Message | Collin | 2008-03-03 16:35:39 | Re: Connect to postgres from a dynamic IP |