From: | Együd Csaba <csegyud(at)vnet(dot)hu> |
---|---|
To: | 'hubert depesz lubaczewski' <depesz(at)gmail(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Making the DB secure |
Date: | 2005-06-20 18:41:10 |
Message-ID: | 0IIE00048BWKUZ@mail.vnet.hu |
Lists: | pgsql-general |
Hi Depesz,
thank you.
Most of your suggestions are in our plans. We plan to grant only the
necessary rights, filtering explicit IP addresses and so on.
We are going to consider applying a VPN. Also we are going to consider
logging all the queries executed by the server. You mentioned that pg8
provides some functions regarding this. Where to search for more info? How
do they name this feature?
Many thanks,
-- Csaba
-----Original Message-----
From: hubert depesz lubaczewski [mailto:depesz(at)gmail(dot)com]
Sent: Monday, June 20, 2005 7:58 PM
To: Együd Csaba
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Making the DB secure
On 6/17/05, Együd Csaba <csegyud(at)vnet(dot)hu> wrote:
> Hi,
<snip>
couple of things:
1. make sure postgresql is in a very tight chroot environment. without shell
or anything else.
2. make sure you have list of all client ips, and use firewall to allow
them, and only them to access postgresql port. all other connections should
be rejected on firewall level, not application level!.
3. accept connections only through ssl (as for what you need - both client
and server have to be built and linked against openssl library).
4. if above is not possible - enforce usage of vpn. i would suggest openvpn
- it's much easier to set up than ipsec based vpns, and yet it still holds
all security measures.
5. define unique users inside of database for each real user. give them only
the rights they need to have - not even a single "SELECT"
more.
6. when possible - revoke select access to tables, grant select access to
views
7. when possible - revoke all access to tables, grant execute access
to functions which will be modifying database (just define them with
"security definer" flag).
8. log all queries to files. with postgresql 8 it's easier than it ever was.
don't log through syslog!
9. log all system activities - you can use grsecurity patches for extended
auditing.
10. using grsecurity or selinux or lids or ... - block unnecessary accesses
on system level (acls)
11. pray.
this is what we do commercially, and as for now - it works great.
best regards,
depesz
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.
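Items 5 to 8 of the list above, sketched as an added example that is not part of the original thread. It assumes a current PostgreSQL release, the default `public` schema, and hypothetical names (`app_owner`, `alice`, `accounts`, `accounts_public`, `set_my_email`).

```sql
-- Added example; all role and object names are hypothetical.
-- Run as a superuser, so the ownership changes below are permitted.
BEGIN;

-- Data owner that nobody logs in as.
CREATE ROLE app_owner NOLOGIN;
-- Item 5: one database role per real user (set the password separately).
CREATE ROLE alice LOGIN;

CREATE TABLE accounts (
    id            integer PRIMARY KEY,
    login         text NOT NULL UNIQUE,
    email         text NOT NULL,
    password_hash text NOT NULL
);
ALTER TABLE accounts OWNER TO app_owner;

-- Items 6 and 7: nobody but the owner touches the table directly.
REVOKE ALL ON accounts FROM PUBLIC;

-- Item 6: readers get a view that leaves out password_hash.
CREATE VIEW accounts_public AS
    SELECT id, login, email FROM accounts;
ALTER VIEW accounts_public OWNER TO app_owner;
GRANT SELECT ON accounts_public TO alice;

-- Item 7: writes go through a SECURITY DEFINER function owned by app_owner.
-- Pinning search_path stops a caller from shadowing objects the body uses.
CREATE FUNCTION set_my_email(p_email text) RETURNS void
LANGUAGE sql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
    -- session_user is the role that logged in; current_user is app_owner here.
    UPDATE public.accounts SET email = p_email WHERE login = session_user;
$$;
ALTER FUNCTION set_my_email(text) OWNER TO app_owner;

-- Functions are executable by PUBLIC by default, so revoke before granting.
REVOKE ALL ON FUNCTION set_my_email(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION set_my_email(text) TO alice;

-- Item 8: log every statement this user runs (superuser-only setting).
ALTER ROLE alice SET log_statement = 'all';

COMMIT;
```

With this in place, `alice` can read `accounts_public` and call `set_my_email`, while a direct `SELECT` or `UPDATE` on `accounts` fails with a permission error.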