Re: looking for a secure

On Tue, 31 Jul 2001, Fran Fabrizio wrote:

> - SSL? is this even possible? The db client on those 10,000 machines
> is going to be a very lightweight C program out of necessity (perl and
> other languages is not supported, these machines are old and often we
> don't have permission to install new languages on them anyway)
>
> - the sensitive data fields can be encrypted in some reversible but
> secure fashion when we store them in the database
>
> - we can use things like tripwire, etc... to detect any unauthorized
> access to the db server machine
>
> - i have a nagging feeling i'm not seeing the big picture. does
> postgres have some other built-in security features that would help
> secure the box? revers lookups, maybe? or something else?
>
> I'm really interested in seeing what other people have done to alleviate
> these types of concerns, and what if anything I am missing as I approach
> the problem.

PostgreSQL can use SSL; can you write a lightwight C program
that supports it well?

I don't think PG has any features like reverse lookups, etc., but you
could certainly set up a firewall to do so.

PG <--> PG_FW <--> Internet

where PG_FW is a machine/process that only allows connections to port 5432
of PG if the IP address is on an approved list, or such.

Or, could you use a web app as the client program? Then, your connections
are coming just from your web server, and your clients can use any kind of
web authentication to connect to the web server.

--
Joel Burton <jburton(at)scw(dot)org>
Director of Information Systems, Support Center of Washington