Re: Making the DB secure

Hi,
thank you very much. These are very good ideas, I think.
I forgot one thing to mention. We will have very few clients (max. 20) and
all clients will be required to have a fix IP address. Fix IP addresses can
be listed in pg_hba.conf to filter incoming IPs very efficiently. With this
note, do you think we need VPN or other enhancement?

Bye,
-- Csaba

-----Original Message-----
From: Karl O. Pinc [mailto:kop(at)meme(dot)com]
Sent: Saturday, June 18, 2005 12:23 AM
To: Együd Csaba
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Making the DB secure

On 06/17/2005 07:49:07 AM, Együd Csaba wrote:
> Hi,
> we plan to make available our database from the internet (direct
> tcp/ip based connections). We want to make it as secure as possible.
> There are a few users who could access the database, but we want to
> block any other users to access.

Disclamer: Yup, the other responders are right. You don't want to make a
mistake with security.

Rather than put your database on the net you'd be much better served by
using a VPN. IPSEC and OpenVPN come to mind. At the very least use a ssh
tunnel.

You want security, use a tool designed to give you security.

Karl <kop(at)meme(dot)com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein

t hub.org
X-Spam-Status: No, hits=05 tagged_above=required=tests=L, FORGED_RCVD_HELO
X-Spam-Level:
X-Mailing-List: pgsql-general
Precedence: bulk
Sender: pgsql-general-owner(at)postgresql(dot)org
X-Antivirus: AVG for E-mail 7.0.323 [267.7.7]

On 05/26/2005 06:08:00 PM, Devrim GUNDUZ wrote:
>
> Hi,
>
> AFAICS from the user requests, many people is not aware about the
> compatibility RPM we built:
>
> http://developer.PostgreSQL.org/~devrim/compat-postgresql-libs-3-2PGDG
> .i686.rpm
>
> is the compatibility RPM that fixes the problem which arose with
> PostgreSQL 8.0.2 . With 8.0.2, the major number of libpq was bumped,
> and all software that depends on libpq.so.3 failed/or needed to be
> recompiled.

I would like to compile this for my architecture from source.
Could you please tell me where the source rpm is?
(I can't seem to find a pointer to this rpm anywhere but in this email. Is
there a web page/ftp site?)

Thanks.

Karl <kop(at)meme(dot)com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein

---------------------------(end of broadcast)---------------------------
TIP 7: don't forget to increase your free space map settings

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.