Re: Is PGSQL enough safe for internet?

On Wed, 18 Mar 2009 09:32:56 +0100
durumdara <durumdara(at)gmail(dot)com> wrote:

> Possible he can install an another pgsql service that can be
> opened to the net and that can usable for ONLY THIS PROJECT. But I
> don't know, that is possible or not; and how to upgrade later, if
> needed... :-(

If you can't use another DB... or you don't want to use another DB
(this depends on how much separation/security you really think is
suited...) you can configure postgresql to respond just to certain
IP over SSL to access just certain DB even on a different port.

http://developer.postgresql.org/pgdocs/postgres/auth-pg-hba-conf.html
http://www.postgresql.org/docs/8.3/interactive/client-authentication.html

> Can I use some functions in PGSQL to make some protecting rules?
> Like in Mail Servers: if the IP is same and pwd is wrong in X
> times, the IP blocked for N hours...

I wouldn't recommend this approach. Someone may just close you out
from your own home.
Unless you're accessing the server from static IP and you can use
white listing.

--
Ivan Sergio Borgonovo
http://www.webthatworks.it