From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
---|---|
To: | Google Mike <googlemike(at)hotpop(dot)com> |
Cc: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: Poll on your LAPP Preferences |
Date: | 2005-08-09 17:23:05 |
Message-ID: | 20050809172305.GC21039@alvh.no-ip.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On Sat, Aug 06, 2005 at 07:59:06PM -0700, Google Mike wrote:
> As a PostgreSQL admin or developer, you may be asked to deploy a Linux
> Apache PHP PostgreSQL application. As you know, and simplifying things
> a great deal here, the pg_hba.conf file can be edited in approximately
> 7 different ways:
>
> * locked down -- no access at all (usually the default)
> * trust local access, any user
> * trust local access, specific users
> * trust remote access, any user
> * trust remote access, specific users
I'd never trust remote access, not even for specific IPs, out of fear
that somebody might be able to inject malicious commands using IP
spoofing. SSL is a must in that situation.
--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
Y una voz del caos me habló y me dijo
"Sonríe y sé feliz, podría ser peor".
Y sonreí. Y fui feliz.
Y fue peor.
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2005-08-09 17:31:03 | Re: [GENERAL] postgres & server encodings |
Previous Message | Alvaro Herrera | 2005-08-09 17:18:53 | Re: [GENERAL] postgres & server encodings |