Re: Making the DB secure

From: Együd Csaba <csegyud(at)vnet(dot)hu>
To: 'Sean Davis' <sdavis2(at)mail(dot)nih(dot)gov>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Making the DB secure
Date: 2005-06-17 13:53:00
Message-ID: 0II800CQCEKBQ9@mail.vnet.hu
Lists: pgsql-general

Dear Sean,
yes, maybe.
But actually I thought some suggestions. The only real problem of mine is to
configure the SSL. I am able to configure the pg_hba.conf (at least I think so
now), we have a firewall on the server too.

I meant that maybe somebody can suggest something to make the thing more
secure.

Thank you,
-- Csaba

-----Original Message-----
From: Sean Davis [mailto:sdavis2(at)mail(dot)nih(dot)gov]
Sent: Friday, June 17, 2005 3:09 PM
To: Együd Csaba
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Making the DB secure

On Jun 17, 2005, at 8:49 AM, Együd Csaba wrote:

> Hi,
> we plan to make available our database from the internet (direct
> tcp/ip based connections). We want to make it as secure as possible.
> There are a few users who could access the database, but we want to
> block any other users from accessing it.
>
> Our plans are:
> - using encrypted (ssl) connections - since sensitive (medical)
> personal information is stored.
> (How to setup this? What do we need on server side, and what on
> client side?)
> - using pg_hba.conf to configure authentication method and IP filters
> - forcing our users to change their passwords frequently
> - applying strong password policy (long pw, containing
> upper/lowercase characters and numbers)
>
> Could anybody suggest us some more valuable features in postgres
> to improve the security?
> Regarding SSL, I'd like to know how to use it correctly. What we have
> to do on the server to accept ssl connections, and what kind of client
> software is required.
>
> Many thanks,
>
> -- Csaba Együd

It sounds like you might want to think about hiring a consultant to help out
here--what do others think? With medical information, this is not something
you want to get wrong.

Sean

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.
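
Added example, not part of the original thread: a small Python audit of a pg_hba.conf file against the plan quoted above (SSL required for remote connections, a real authentication method, IP filters). The function name `audit_hba` and the sample file are assumptions constructed for illustration; the record types `local`, `host` and `hostssl` and the `trust` method are standard pg_hba.conf keywords.

```python
import ipaddress

# Constructed sample pg_hba.conf; addresses are documentation ranges.
SAMPLE_HBA = """\
# TYPE    DATABASE  USER   ADDRESS                      METHOD
local     all       all                                 md5
host      all       all    127.0.0.1/32                 md5
host      medical   all    0.0.0.0/0                    md5
hostssl   medical   alice  203.0.113.10/32              trust
host      medical   bob    198.51.100.0 255.255.255.0   md5
hostssl   medical   carol  203.0.113.0/28               md5
"""

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit_hba(text):
    """Return (line_number, finding) for each TCP rule that breaks the plan."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] == "local":
            continue  # blank line, comment, or Unix-socket rule
        conn_type, address, method = fields[0], fields[3], fields[4]
        # The address is CIDR, or an IP followed by a separate netmask field.
        if "/" not in address and len(fields) >= 6 and _is_ip(fields[4]):
            address, method = address + "/" + fields[4], fields[5]
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            findings.append((lineno, "address is not an IP range, review by hand"))
            continue
        if net.is_loopback:
            continue  # loopback traffic never leaves the server
        if conn_type != "hostssl":
            findings.append((lineno, "remote rule does not require SSL"))
        if method == "trust":
            findings.append((lineno, "trust method asks for no password"))
        if net.prefixlen == 0:
            findings.append((lineno, "rule matches every address, no IP filter"))
    return findings

if __name__ == "__main__":
    for lineno, finding in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: {finding}")
```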

