protecting database from internet access

hi,

please do the needful..

I am using j2ee on the server side and postgresql as the database to
connect. This database is exposed to the internet.

The user is shown a login page in which user enters its username and
password. Password authentication takes place.This password is authenticated
on the basis of password field in the userprofile table.

some questions :-
1)can anybody tell me how to do this so that the database is at most secure
on the internet ?
2)should i have different password(login password) for the connection string
? or connection string password should be same and authentication should be
done by fetching the password value from the userprofile table for the
coressponding user ?
3)Encrypting the password ?
4)Adding the password in the session so that once authentication is done
user is allowed for authorization for different resources such
databases,tables etc..
5)providing some SSl or tunneling to the database ?

please help with some examples..

i am presently using pg admin III on windows of postgresql. later on might
switch to linux.

i have read about pg_hba.conf file..But these things are not clear to me.

Thanks,
Ashish

_________________________________________________________________
Finding it difficult to find your life partner?Here is your solution
http://www.bharatmatrimony.com/
http://creative.mediaturf.net/creatives/bm05/bm_msn_tagoffline.htm