| From: | Andrew Kelly <akelly(at)corisweb(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: access and security |
| Date: | 2006-10-30 14:47:44 |
| Message-ID: | 1162219664.5364.10.camel@localhost.localdomain |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 2006-10-30 at 15:36 +0100, Martijn van Oosterhout wrote:
> On Mon, Oct 30, 2006 at 01:34:34PM +0100, Andrew Kelly wrote:
> > Hi all,
> >
> > please forgive a (likely) less than clever question.
> >
> > Are the barriers provided by pg_hba.conf enough from a security
> > standpoint, or is it best to put up some iptable rules duplicating the
> > restrictions?
>
> iptables covers the entire server, whereas pg_hba.conf cancontrol per
> database. Think of it as layers. If you know only two other machines
> will ever access this server, you can use iptables to enforce this.
> From those two machines, you than use pg_hba.conf to fine-tune the
> access controls.
>
> Have a nice day,
Thanks, Martijn, und danke Andreas.
This is what I figured; appreciate the confirmation.
Andy
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2006-10-30 15:14:09 | Re: log_duration and JDBC V3 Preparded Statements |
| Previous Message | Martijn van Oosterhout | 2006-10-30 14:36:34 | Re: access and security |