Re: Doubts regarding postgres Security

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: PAWAN SHARMA <er(dot)pawanshr0963(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Doubts regarding postgres Security
Date: 2017-01-21 20:21:07
Message-ID: 20170121202107.GW18360@tamriel.snowman.net
Lists: pgsql-general

Pawan,

* PAWAN SHARMA (er(dot)pawanshr0963(at)gmail(dot)com) wrote:
> 1. How can we set user account block feature after max number of
> invalid password entries?

There are ways to accomplish this, but they're unfortunately
complicated. In the past, I've implemented these kinds of requirements
by using the 'PAM' auth method and configuring saslauthd and PAM with
various PAM modules. Unfortunately, most PAM modules are not very well
suited to running as non-root or with alternate directories, so it can
be a bit tricky.

> 2. How can we use SSL encryption in Postgres on Linux environment?

This can be a bit tricky too, depending on your PKI, but generally
speaking, you simply need to configure the SSL-relevant options in
postgresql.conf and then set SSLMODE=verify-ca (or verify-full,
depending on what you want to do).

Specific documentation is available here:

https://www.postgresql.org/docs/current/static/ssl-tcp.html

> 3. How can we transparent data encryption in Postgres?

If you mean between PG and the filesystem, you could either use full
disk encryption provided by the OS, or like pgcrypto.

Documentation for pgcrypto is here:

https://www.postgresql.org/docs/current/static/pgcrypto.html

Thanks!

Stephen
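
The SSL setup described in the answer to question 2, as an added example that is not part of the original email: the server-side settings, then the client sslmode choices side by side. The file names, the 192.0.2.0/24 network, db.example.com and the "app" database and user are constructed placeholders.

```conf
# --- postgresql.conf (server) ---
ssl = on
ssl_cert_file = 'server.crt'   # constructed name; relative paths resolve against the data directory
ssl_key_file  = 'server.key'   # must not be group- or world-readable (e.g. chmod 0600)
ssl_ca_file   = 'root.crt'     # only needed if the server should also verify client certificates

# --- pg_hba.conf (server) ---
# "hostssl" matches TLS connections only, so a rule written this way never
# admits a plaintext session. scram-sha-256 needs PostgreSQL 10 or later.
# TYPE    DATABASE  USER  ADDRESS        METHOD
hostssl   app       app   192.0.2.0/24   scram-sha-256

# --- client side (libpq connection string; PGSSLMODE / PGSSLROOTCERT work the same way) ---
# require: encrypts the session but gives no assurance about which server was reached
#   host=db.example.com dbname=app user=app sslmode=require
#
# verify-ca: the server certificate must chain to the CA in sslrootcert
#   host=db.example.com dbname=app user=app sslmode=verify-ca sslrootcert=/etc/ssl/pg/root.crt
#
# verify-full: as verify-ca, and the name in the certificate must also match "host"
#   host=db.example.com dbname=app user=app sslmode=verify-full sslrootcert=/etc/ssl/pg/root.crt
```

Changing `ssl` and the certificate paths requires a server restart or reload depending on the PostgreSQL version; pg_hba.conf changes take effect on reload.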
