Re: Making the DB secure

Hi All,
I am really sorry for upsetting the list. You are absolutelly right, I do
have applied a network specialist, who stated that the VPN is a must, and we
started to configure and test the server together (using OpenVPN).

Actually this application is going to operate in a test phase for months, so
we have the time to test securty issues.
Dear Geoffrey, please do not worry, we won't misapply any sensitive data.

BTW, I would like to close this thread on this list, because this is rather
off topic here. Thank you very much for opening up my eyes. I really thought
I can find it out alone. I wasn't right. Thanks for you all.

Certainly anybody is wellcome to write me in private.

Regards,
-- Csaba Együd.

-----Original Message-----
From: pgsql-general-owner(at)postgresql(dot)org
[mailto:pgsql-general-owner(at)postgresql(dot)org] On Behalf Of Geoffrey
Sent: Tuesday, June 21, 2005 11:41 PM
To: pgsql-general(at)postgresql(dot)org
Subject: Re: [GENERAL] Making the DB secure

Együd Csaba wrote:
> Hi,
> thank you very much. These are very good ideas, I think.
> I forgot one thing to mention. We will have very few clients (max. 20)
> and all clients will be required to have a fix IP address. Fix IP
> addresses can be listed in pg_hba.conf to filter incoming IPs very
> efficiently. With this note, do you think we need VPN or other
enhancement?

YOU NEED A SECURITY CONSULTANT. If you think you can rely on static ips as
a security tool, you are clueless. I'm sorry, but the fact that you
mentioned that this database contains medical information really disturbs
me.

A static IP insures NOTHING. A vpn will secure the connection and protect
it.

--
Until later, Geoffrey

---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?

http://www.postgresql.org/docs/faq

sive
lock on the index's table, so until you roll back, no other transaction will
be able to touch the table at all. So the whole thing may be a nonstarter
in a production database anyway :-(. You can probably get away with
BEGIN;
DROP INDEX ...
EXPLAIN ...
ROLLBACK;
if you fire it from a script rather than by hand --- but EXPLAIN ANALYZE
might be a bad idea ...

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 8: explain analyze is your friend

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 2005.06.21.

--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 2005.06.21.