Re: open up firewall from "anywhere" to postgres ports?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Willy-Bas Loos <willybas(at)gmail(dot)com>
Cc: "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: open up firewall from "anywhere" to postgres ports?
Date: 2009-03-07 21:41:04
Message-ID: 17942.1236462064@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Willy-Bas Loos <willybas(at)gmail(dot)com> writes:
> I'm wondering if i should open up the ports to my two clusters 5432
> and 5433 from "Anywhere"?

No, not unless you'd like to take the risk of anyone on the internet
poking into your databases.

> I feel that it's a stupid question, since there is pg_hba, which
> already does this work.

Well, even if you trust pg_hba.conf to block unwanted connections,
someone could still mount a DOS attack by flooding your postmaster
with connection requests. It takes a significant number of cycles
to reject a request on the basis of pg_hba.conf.

regards, tom lane

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Adrian Klaver 2009-03-07 21:41:18 Re: open up firewall from "anywhere" to postgres ports?
Previous Message Willy-Bas Loos 2009-03-07 21:27:02 open up firewall from "anywhere" to postgres ports?