Re: how to secure pg_hba.conf

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Rizwan Shaukat <rizwan(dot)shaukat(at)hotmail(dot)com>
Cc: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: how to secure pg_hba.conf
Date: 2022-12-01 19:06:19
Message-ID: CAKFQuwa_pumVRLPas6qiiayyqPj7nbKMntj9GEAKci6g-mzw=Q@mail.gmail.com
Lists: pgsql-general

On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan(dot)shaukat(at)hotmail(dot)com>
wrote:

> We have a requirement from security to secure the pg_hba.conf file with encryption
> or password protection on the server to protect IP visibility, because these
> server access by application n thy can amend as well. How can we achieve it,
> please?
>
>
You cannot with the present implementation of the system - pg_hba.conf is
read by the PostgreSQL process as a file. I do not think the server is
prepared for that file to be some kind of program whose stdout is the
contents and you could arrange for that program to do whatever it is you'd
like.

That said, it isn't clear to me what you mean by "these server access by
application n thy can amend as well". You are welcome to make the file
read-only except by root if amending it is a concern. I don't understand
what exposure knowing ip addresses gives - I suppose knowledge is helpful
but security by obscurity isn't real security.

David J.
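
The file-permission approach from the reply above, as an added example that is not part of the original message: a POSIX shell check that reports whether anyone other than the expected owner can amend pg_hba.conf, or whether arbitrary local users can read it. The function name `audit_hba_perms` and the target state (owner root, server's group, mode 0640) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit who can change or read pg_hba.conf.
# Assumed target state (not stated in the thread): owner root, group = the
# server's group, mode 0640, so only root can amend the file while the
# PostgreSQL process can still read it through its group.
# Locate the real file with `SHOW hba_file;` in psql, then run:
#   audit_hba_perms /path/to/pg_hba.conf

# audit_hba_perms FILE [EXPECTED_OWNER]   (hypothetical helper name)
# Prints one line per finding; returns 0 if clean, 1 on findings,
# 2 if the path is not a plain regular file.
audit_hba_perms() {
    file=$1
    want_owner=${2:-root}
    rc=0

    # A symlink could be repointed by whoever owns its directory entry.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "FAIL: $file is missing, a symlink, or not a regular file"
        return 2
    fi

    # POSIX `ls -ld` fields: mode string, link count, owner, group, ...
    # Only fields 1 and 3 are used, so spaces in the file name are harmless.
    set -- $(ls -ld "$file")
    mode=$1
    owner=$3

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"
        rc=1
    fi

    # Mode string layout: file type, then rwx for user, group, other.
    case $mode in ?????w*)    echo "FAIL: group-writable ($mode)"; rc=1 ;; esac
    case $mode in ????????w*) echo "FAIL: world-writable ($mode)"; rc=1 ;; esac
    case $mode in ???????r*)  echo "FAIL: world-readable ($mode)"; rc=1 ;; esac

    [ "$rc" -eq 0 ] && echo "OK: $file is $mode, owned by $owner"
    return "$rc"
}
```

A clean result only covers file permissions; anyone who can already become root or the expected owner can still edit the file.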
