Re: Poll on your LAPP Preferences

From: Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
To: Google Mike <googlemike(at)hotpop(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Poll on your LAPP Preferences
Date: 2005-08-09 17:23:05
Message-ID: 20050809172305.GC21039@alvh.no-ip.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On Sat, Aug 06, 2005 at 07:59:06PM -0700, Google Mike wrote:
> As a PostgreSQL admin or developer, you may be asked to deploy a Linux
> Apache PHP PostgreSQL application. As you know, and simplifying things
> a great deal here, the pg_hba.conf file can be edited in approximately
> 7 different ways:
>
> * locked down -- no access at all (usually the default)
> * trust local access, any user
> * trust local access, specific users
> * trust remote access, any user
> * trust remote access, specific users

I'd never trust remote access, not even for specific IPs, out of fear
that somebody might be able to inject malicious commands using IP
spoofing. SSL is a must in that situation.

--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
Y una voz del caos me habló y me dijo
"Sonríe y sé feliz, podría ser peor".
Y sonreí. Y fui feliz.
Y fue peor.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Tom Lane 2005-08-09 17:31:03 Re: [GENERAL] postgres & server encodings
Previous Message Alvaro Herrera 2005-08-09 17:18:53 Re: [GENERAL] postgres & server encodings