Re: (not so?) silly question

From: Andreas <maps(dot)on(at)gmx(dot)net>
To: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-18 16:18:48
Message-ID: 4C1B9C68.5010801@gmx.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-novice

Am 15.06.2010 14:16, schrieb Jean-Yves F. Barbier:
> Le 15 Jun 2010 09:14:57 GMT,
> Jasen Betts<jasen(at)xnet(dot)co(dot)nz> a écrit :
>
>
>> On 2010-06-14, Jean-Yves F. Barbier<12ukwn(at)gmail(dot)com> wrote:
>>
>>> Hi list,
>>>
>>> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>>>
>>>
>> assuming you have secured the port using pg_hba.conf
>> should be safe until the next time someone finds an
>> openssl exploit....
>>
> Ok, so AFAI understand you, the danger's the same as leaving port 22 open
> on my machine?
>
If you have 22 open anyway then why not using an ssh-tunnel ?
Only that ssh usually has smaller keys than 4096bits.
And SSH offers compression on the fly which might save some bytes.

Then you just have to figure out how to have your clients access PG via
SSH-tunnel but not letting them tunnel to every other port within the
server.

In response to

Browse pgsql-novice by date

  From Date Subject
Next Message Andreas 2010-06-18 16:24:20 mysterious sortorder issue
Previous Message Atif Jung 2010-06-18 16:03:10 How to get the logged on user in perlu script