| From: | Andreas <maps(dot)on(at)gmx(dot)net> |
|---|---|
| To: | "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com> |
| Cc: | pgsql-novice(at)postgresql(dot)org |
| Subject: | Re: (not so?) silly question |
| Date: | 2010-06-18 16:18:48 |
| Message-ID: | 4C1B9C68.5010801@gmx.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Am 15.06.2010 14:16, schrieb Jean-Yves F. Barbier:
> Le 15 Jun 2010 09:14:57 GMT,
> Jasen Betts<jasen(at)xnet(dot)co(dot)nz> a écrit :
>
>
>> On 2010-06-14, Jean-Yves F. Barbier<12ukwn(at)gmail(dot)com> wrote:
>>
>>> Hi list,
>>>
>>> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>>>
>>>
>> assuming you have secured the port using pg_hba.conf
>> should be safe until the next time someone finds an
>> openssl exploit....
>>
> Ok, so AFAI understand you, the danger's the same as leaving port 22 open
> on my machine?
>
If you have 22 open anyway then why not using an ssh-tunnel ?
Only that ssh usually has smaller keys than 4096bits.
And SSH offers compression on the fly which might save some bytes.
Then you just have to figure out how to have your clients access PG via
SSH-tunnel but not letting them tunnel to every other port within the
server.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andreas | 2010-06-18 16:24:20 | mysterious sortorder issue |
| Previous Message | Atif Jung | 2010-06-18 16:03:10 | How to get the logged on user in perlu script |