Обсуждение: (not so?) silly question
Hi list, Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? -- Honi soit la vache qui rit.
Jean-Yves F. Barbier <12ukwn@gmail.com> wrote: > Hi list, > > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? Do you need inernet access? Andreas -- Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect. (Linus Torvalds) "If I was god, I would recompile penguin with --enable-fly." (unknown) Kaufbach, Saxony, Germany, Europe. N 51.05082°, E 13.56889°
On 2010-06-14, Jean-Yves F. Barbier <12ukwn@gmail.com> wrote: > Hi list, > > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? > assuming you have secured the port using pg_hba.conf should be safe until the next time someone finds an openssl exploit....
Le Tue, 15 Jun 2010 06:55:45 +0200,
Andreas Kretschmer <akretschmer@spamfence.net> a écrit :
> Jean-Yves F. Barbier <12ukwn@gmail.com> wrote:
>
> > Hi list,
> >
> > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>
> Do you need inernet access?
No, I just asked to test my new keyboard...
--
If God did not exist, it would be necessary to invent him.
-- Voltaire, "Epitres, XCVI"
Le 15 Jun 2010 09:14:57 GMT, Jasen Betts <jasen@xnet.co.nz> a écrit : > On 2010-06-14, Jean-Yves F. Barbier <12ukwn@gmail.com> wrote: > > Hi list, > > > > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? > > > > assuming you have secured the port using pg_hba.conf > should be safe until the next time someone finds an > openssl exploit.... Ok, so AFAI understand you, the danger's the same as leaving port 22 open on my machine? -- X-rated movies are all alike ... the only thing they leave to the imagination is the plot.
Le Tue, 15 Jun 2010 06:55:45 +0200, Andreas Kretschmer <akretschmer@spamfence.net> a écrit : > Jean-Yves F. Barbier <12ukwn@gmail.com> wrote: > > > Hi list, > > > > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? > > Do you need inernet access? Of course I need one, otherwise I wouldn't ask. My goal is also to use the Pg server part using a client only instead of using a client-server, witch seems logical (well, for me: why reinvent the wheel?). <- is this realistic? But may be I should use a double security and use a tunnel or a VPN connection on top of this (but it will bring its part of bytes overhead.) -- Never eat anything bigger than your head.
Am 15.06.2010 14:16, schrieb Jean-Yves F. Barbier: > Le 15 Jun 2010 09:14:57 GMT, > Jasen Betts<jasen@xnet.co.nz> a écrit : > > >> On 2010-06-14, Jean-Yves F. Barbier<12ukwn@gmail.com> wrote: >> >>> Hi list, >>> >>> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not? >>> >>> >> assuming you have secured the port using pg_hba.conf >> should be safe until the next time someone finds an >> openssl exploit.... >> > Ok, so AFAI understand you, the danger's the same as leaving port 22 open > on my machine? > If you have 22 open anyway then why not using an ssh-tunnel ? Only that ssh usually has smaller keys than 4096bits. And SSH offers compression on the fly which might save some bytes. Then you just have to figure out how to have your clients access PG via SSH-tunnel but not letting them tunnel to every other port within the server.