Re: Is PGSQL enough safe for internet?

From: Richard Huxton <dev(at)archonet(dot)com>
To: durumdara <durumdara(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Is PGSQL enough safe for internet?
Date: 2009-03-18 09:13:11
Message-ID: 49C0BB27.7060300@archonet.com
Lists: pgsql-general

durumdara wrote:
>
> Can I define in PGSQL, which DataBases can read from the localhost, and
> which can from the net?

Yes. See "authentication" in the manuals for details on pg_hba.conf and
also "grant connect". Only allow password-protected connections over an
encrypted SSL channel. Only allow connections from a specified IP
address. Add a rule to your firewall to only allow connections from that
address too.

> Can I separate these databases to decrease the dangers? Not physically
> - in another way, to hide the private DBs.

You can't hide their existence, but you can restrict which users can
connect.

You can have multiple versions of PostgreSQL running - the default on
port 5432 and another on e.g. port 5433. Lots of people do this, often
so they can have different versions of PG installed on the same machine.

> Can I use some functions in PGSQL to make some protecting rules? Like in
> Mail Servers: if the IP is same and pwd is wrong in X times, the IP
> blocked for N hours...

Not that I know of. On Linux there is a tool called fail2ban which will
do this for you, but I don't know of anything similar for Windows.

> Last idea, if the port opening is not too good to convert
> uploads/downloads to xml, and the client/server can read/write these
> packages.
> But this is hard to realize (convert all information to the same schema),
> and it needs to be protected also...

Not sure that gains you anything. If you have a user specifically for
upload/download purposes you can restrict what they can do. You could
even have a separate set of import tables that they write to and then
they call a function to transfer to the live tables. That function could
do additional checking if you think it necessary.

HTH

--
Richard Huxton
Archonet Ltd
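
An added example, not part of the original message: a small Python check that reads pg_hba.conf rules and reports any network rule that departs from the advice above (SSL only, a single client address, password required). The sample file, database names, role names and addresses are constructed for illustration, and quoted fields are not handled.

```python
import ipaddress
# Constructed sample pg_hba.conf; database, role and address values are made up.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER     ADDRESS          METHOD
local    all       all                       md5
host     privdb    all      127.0.0.1/32     md5
host     pubdb     all      0.0.0.0/0        md5
hostssl  pubdb     webuser  0.0.0.0/0        md5
hostssl  pubdb     webuser  203.0.113.10/32  trust
hostssl  pubdb     webuser  203.0.113.10/32  md5
"""

def parse_rule(line):
    """Return (type, network-or-keyword, method) for a TCP rule, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or not fields[0].startswith("host"):
        return None  # blank, comment, Unix-socket ("local") or unknown line
    conn, addr, rest = fields[0], fields[3], fields[4:]
    try:
        ipaddress.ip_address(rest[0])  # address given with a separate netmask column
        addr, rest = f"{addr}/{rest[0]}", rest[1:]
    except ValueError:
        pass
    try:
        net = ipaddress.ip_network(addr, strict=False)
    except ValueError:
        net = addr  # keyword such as "all", or a host name
    return (conn, net, rest[0]) if rest else None

def audit(text):
    """List (line number, finding) pairs for rules reachable from the network."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[2] == "reject":
            continue
        conn, net, method = rule
        if not isinstance(net, str) and net.is_loopback:
            continue  # localhost-only rule
        if conn != "hostssl":
            findings.append((lineno, "non-SSL connections accepted"))
        if isinstance(net, str) or net.num_addresses != 1:
            findings.append((lineno, "not limited to a single client address"))
        if method == "trust":
            findings.append((lineno, "no password required"))
    return findings

if __name__ == "__main__":
    print(*(f"line {n}: {msg}" for n, msg in audit(SAMPLE_HBA)), sep="\n")
```

Only the last rule in the sample passes all three checks; the loopback rule for privdb is skipped because it is not reachable from the network.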
