| From: | Randy Yates <yates(at)ieee(dot)org> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Firewall Security Requirements for Postgresql Access |
| Date: | 2004-09-08 03:12:29 |
| Message-ID: | vfepmp2f.fsf@ieee.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
bench(at)silentmedia(dot)com (Ben) writes:
> Well, R/W doesn't make much sense for TCP.... incoming/outgoing SYN
> packets make more sense, and if the database is located outside the
> firewall, you really only need to allow outgoing SYN packets on the port
> (as well as packets related to that session, of course).
Are you suggesting that the firewall be configured so that the only
outgoing packets allowed through are ones with the SYN bit set in the
CODE BITS field of the TCP header? I'm fairly ignorant on protocol
matters, and I don't understand why one would single out these types
of TCP segments. Could you please expound?
--
% Randy Yates % "Bird, on the wing,
%% Fuquay-Varina, NC % goes floating by
%%% 919-577-9882 % but there's a teardrop in his eye..."
%%%% <yates(at)ieee(dot)org> % 'One Summer Dream', *Face The Music*, ELO
http://home.earthlink.net/~yatescr
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Atkins | 2004-09-08 03:48:13 | Re: Salt in encrypted password in pg_shadow |
| Previous Message | Greg Stark | 2004-09-08 03:12:01 | Re: Salt in encrypted password in pg_shadow |