| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Willy-Bas Loos <willybas(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: open up firewall from "anywhere" to postgres ports? |
| Date: | 2009-03-07 21:41:04 |
| Message-ID: | 17942.1236462064@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Willy-Bas Loos <willybas(at)gmail(dot)com> writes:
> I'm wondering if i should open up the ports to my two clusters 5432
> and 5433 from "Anywhere"?
No, not unless you'd like to take the risk of anyone on the internet
poking into your databases.
> I feel that it's a stupid question, since there is pg_hba, which
> already does this work.
Well, even if you trust pg_hba.conf to block unwanted connections,
someone could still mount a DOS attack by flooding your postmaster
with connection requests. It takes a significant number of cycles
to reject a request on the basis of pg_hba.conf.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2009-03-07 21:41:18 | Re: open up firewall from "anywhere" to postgres ports? |
| Previous Message | Willy-Bas Loos | 2009-03-07 21:27:02 | open up firewall from "anywhere" to postgres ports? |