Re: Making the DB secure

On 06/20/2005 01:45:48 PM, Együd Csaba wrote:
> Hi Karl,
> OK, I see the point. We are going to look around the VPN. So as a
> conclusion: can we state, that, in addition to all the security
> features
> postgres provides, applying a VPN - with SSL and firewal - is enough
> to
> provide the necessary security?

When it comes to security people are always the biggest problem.
The above should give you the necessary technical means to
call yourself "very secure".

> The server will be a Linux(??) based system. The clients will run
> Windows
> XP.
> Are Windows based clients able to cooperate with these kind of Linux
> servers?

Yes. We're getting off topic for the list here. I can't say
I know enough offhand to do more than blather, so I'll do that. :)
IIRC IPSec is built into the Linux kernel,
and in theory XP has a built-in client, but I believe the
client's interface is "unfriendly". If you find a good free IPSec
XP client please let me know. IIRC, OpenVPN has XP clients.
Your firewall may have clients. You could probably whip up
a cygwin based openssh client to tunnel your traffic, although
I don't know why you would given OpenVPN. There are many choices
(including non-VPN ones other's have mentioned, like mediating
database access via a web server.)

As a VPN by definition bypasses your firewall don't allow more
traffic than necessary through it.

Karl <kop(at)meme(dot)com>
Free Software: "You don't pay back, you pay forward."
-- Robert A. Heinlein