Re: Making the DB secure
From | Geoffrey |
---|---|
Subject | Re: Making the DB secure |
Date | |
Msg-id | 42B32A74.9070600@3times25.net |
In response to | Making the DB secure (Együd Csaba <csegyud@vnet.hu>) |
List | pgsql-general |
Együd Csaba wrote:
> Hi,
> we plan to make available our database from the internet (direct tcp/ip
> based connections). We want to make it as secure as possible. There are a
> few users who could access the database, but we want to block any other
> users to access.
>
> Our plans are:
> - using encrypted (ssl) connections - since sensitive (medical) personal
> information are stored.
> (How to setup this? What do we need on server side, and what on client
> side?)
> - using pg_hba.conf to configure authentication method and IP filters
> - forcing our users to change their passwords frequently
> - applying strong password policy (long pw, containing upper/lowercase
> characters and numbers)
>
> Could anybody suggest us something more valuable features in postgres to
> improve the security?
> Regarding SSL, I'd like to know how to use it correctly. What we have to do
> on the server to accept ssl connections, and what kind of client softwares
> are required.

It sounds to me like you plan to put the database server on the internet. I
hope not. It should at the very least be in a dmz:

database server <-> web server <-> firewall <-> internet

--
Until later, Geoffrey
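
A check for the pg_hba.conf part of the plan quoted above and for the exposure concern in the reply, as an added example that is not part of the original message: it flags TCP/IP rules that match unencrypted connections, cover large address ranges, or skip real authentication. The sample file, the issue names and the `max_hosts` threshold are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from the thread.
SAMPLE_HBA = """\
# TYPE     DATABASE  USER  ADDRESS                    METHOD
local      all       all                              peer
host       all       all   0.0.0.0/0                  md5
hostssl    medical   app   203.0.113.10/32            md5
host       medical   app   10.0.0.5 255.255.255.255   trust
hostnossl  all       all   198.51.100.0/24            password
"""
PLAINTEXT_TYPES = {"host", "hostnossl"}  # rule types that match non-SSL connections

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit_pg_hba(text, max_hosts=256):
    """Return (line_number, issue) pairs for risky TCP/IP rules.

    max_hosts is a hypothetical threshold: larger networks count as wide open.
    Simplification: quoted fields and include directives are not handled.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] == "local":
            continue  # blank, comment, malformed, or Unix-socket rule
        conn_type, address, method = fields[0], fields[3], fields[4]
        if len(fields) >= 6 and _is_ip(fields[4]):
            # "IP-address IP-mask" form: the method is the next field.
            address, method = f"{fields[3]}/{fields[4]}", fields[5]
        if conn_type in PLAINTEXT_TYPES:
            findings.append((lineno, "no-tls"))
        try:
            if ipaddress.ip_network(address, strict=False).num_addresses > max_hosts:
                findings.append((lineno, "wide-open"))
        except ValueError:
            if address == "all":  # other hostnames/keywords are not sized
                findings.append((lineno, "wide-open"))
        if method == "trust":
            findings.append((lineno, "no-auth"))
        elif method == "password" and conn_type in PLAINTEXT_TYPES:
            findings.append((lineno, "cleartext-password"))
    return findings

if __name__ == "__main__":
    for lineno, issue in audit_pg_hba(SAMPLE_HBA):
        print(f"line {lineno}: {issue}")
```

A clean result only covers what pg_hba.conf admits; the network placement raised in the reply still has to be enforced at the firewall.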