Re: postgres "on in the internet"

From: Mike Nolan <nolan(at)gw(dot)tssi(dot)com>
To: pntil(at)shentel(dot)net (Paul Tillotson)
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: postgres "on in the internet"
Date: 2004-09-03 00:42:07
Message-ID: 200409030042.i830g8PM027420@gw.tssi.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

> Does anyone out there have experience with this or recommended best
> practices? We have been looking at either (a) tunnelling everything
> over ssh, or (b) just making sure that users have "strong" passwords and
> requiring "md5" authentication in pg_hba.conf.

Have you considered using VPN routers to punch a hole through your firewall?

Can you do a a combination of A and B? (Does that make much sense?)

You should also consider blocking all IP addresses other than the client
nodes at the firewall. That won't help much if the client node gets
compromised.
--
Mike Nolan

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Mike Mascari 2004-09-03 00:46:45 Re: postgres "on in the internet"
Previous Message Joshua D. Drake 2004-09-03 00:32:30 Re: postgres "on in the internet"