Thread: Request: Revive the security-specific section

Request: Revive the security-specific section

From
Ian Maddox
Date:

Hello,

Google Cloud Blog recently published a guide on securing DBs in the cloud and tried to link to your latest docs on hardening Postgres, but all we could find is this doc from version 7. It appears that the knowledge from that page has been redistributed across the manual in versions 8+, making it difficult to point to a single authoritative resource. I'm writing to request that a single section on security be revived in a future revision of the manual.

Thank you,

Ian Maddox
Google Cloud Solutions Architect

Re: Request: Revive the security-specific section

From
Peter Eisentraut
Date:
On 5/2/18 18:59, Ian Maddox wrote:
> Google Cloud Blog recently published a guide on securing DBs in the
> cloud
> <https://cloudplatform.googleblog.com/2018/04/best-practices-for-securing-your-Google-Cloud-databases.html>
> and tried to link to your latest docs on hardening Postgres, but all we
> could find is this doc from version 7
> <https://www.postgresql.org/docs/7.0/static/security.htm>.

That seems of dubious use.  More than half the information on that page
is no longer applicable.

> It appears that the knowledge from that page has been redistributed
> across the manual in versions 8+, making it difficult to point to a single
> authoritative resource. I'm writing to request that a single section on
> security be revived in a future revision of the manual.

I see where you are coming from.  However, I think security concerns
exist in every aspect of the system.  So as a user when I'm dealing with
operating system integration, or schema design, or backups, or
replication, or monitoring, etc., then I want to know about the security
concerns on that subject.

-- 
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Re: Request: Revive the security-specific section

From
Alvaro Herrera
Date:
Peter Eisentraut wrote:
> On 5/2/18 18:59, Ian Maddox wrote:

> > It appears that the knowledge from that page has been redistributed
> > across the manual in versions 8+, making it difficult to point to a
> > single authoritative resource. I'm writing to request that a single
> > section on security be revived in a future revision of the manual.
> 
> I see where you are coming from.  However, I think security concerns
> exist in every aspect of the system.  So as a user when I'm dealing
> with operating system integration, or schema design, or backups, or
> replication, or monitoring, etc., then I want to know about the
> security concerns on that subject.

Curiously enough, we got a request on the Spanish list today
https://www.postgresql.org/message-id/CALhQua6tAY+b+oH10OOm24sank43quQoVnoZpPDO5r6YQ4eXow@mail.gmail.com
about a "hardening guide".  I think it is not completely out of the
question to have a separate slim section listing things to keep in mind
in order to harden a PostgreSQL installation.  It doesn't have to be
terribly thorough -- rather it'd be mostly links to other places in the
docs where detailed information about each element can be found.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Re: Request: Revive the security-specific section

From
Ian Maddox
Date:
Alvaro,

That's exactly what I'd hope to see as well.

On Sat, May 5, 2018, 12:45 PM Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
Peter Eisentraut wrote:
> On 5/2/18 18:59, Ian Maddox wrote:

> > It appears that the knowledge from that page has been redistributed
> > across the manual in versions 8+, making it difficult to point to a
> > single authoritative resource. I'm writing to request that a single
> > section on security be revived in a future revision of the manual.
>
> I see where you are coming from.  However, I think security concerns
> exist in every aspect of the system.  So as a user when I'm dealing
> with operating system integration, or schema design, or backups, or
> replication, or monitoring, etc., then I want to know about the
> security concerns on that subject.

Curiously enough, we got a request on the Spanish list today
https://www.postgresql.org/message-id/CALhQua6tAY+b+oH10OOm24sank43quQoVnoZpPDO5r6YQ4eXow@mail.gmail.com
about a "hardening guide".  I think it is not completely out of the
question to have a separate slim section listing things to keep in mind
in order to harden a PostgreSQL installation.  It doesn't have to be
terribly thorough -- rather it'd be mostly links to other places in the
docs where detailed information about each element can be found.

--
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services