Re: Streaming replication for security

Ty all...

I feel more comfortable with this approach... I'll learn more about ssh
tunnel...

[]s

Márcio

On Wed, Dec 21, 2016 at 10:57 PM, Hannu Krosing <hkrosing(at)gmail(dot)com> wrote:

> On 12/17/2016 02:58 PM, Marcio Duarte wrote:
> > Hello ppl,
> >
> > My name is Márcio, from Brazil and I need help in understanding the
> > streaming replication process.
> >
> > I have a PostgreSQL data base hosted in an internal server. I need to
> > replicate this database on Heroku for read only access, but I need to
> > keep this Heroku instance synced with my internal server... I don't
> > want to expose this PostgreSQL internal server to the Web...
> >
> > What I understood
> > in https://wiki.postgresql.org/wiki/Streaming_Replication is that
> > standby will read data from master and not the other way... In this
> > case, I will need to expose the internal database server to the Web
> > via TCP, right?
> Maybe not web, but at least to the replica.
>
> And otherways full PostgreSQL security applies., like requiring SSL
> connection, fine-grained control of client addresses etc.
>
> And, you can always set up an ssh tunnel if you are more comfortable
> with this than with postgreSQL-s ssl.
> And you can even initiate the tunneling SSH connection from the master :)
> >
> > If so, there is a way to make the master send the data to standby?
>
> Not easily.
>
>
> Cheers
>
> --
> Hannu Krosing
> PostgreSQL Consultant
> Performance, Scalability and High Availability
> https://2ndquadrant.com/
>
>