Best security practices for installing pgSQL with my software - Mailing list pgsql-general

From Greg
Subject Best security practices for installing pgSQL with my software
Date
Msg-id 000301c68dfe$4854bb80$d8fe3280$@co.za
Whole thread Raw
List pgsql-general

My software package will install PostGreSQL on the server, and clients will connect to it with a windows smart client application. What would be the best way to keep the PostGreSQL usernames and passwords secure?

 

I will be doing a silent install of the database, and obviously this will require a service username and password. Should I hardcode the service username and password? Or should I let the person installing the software enter their own username and password for the server?

 

Also, what should I do when it comes to the actual user for the database? How should I handle these details? This software will be installed on many different Pc’s by many different people.

 

Can I use OpenSSL to secure communications between the clients and the server?

 

Thanks

 

pgsql-general by date:

Previous
From: "Greg"
Date:
Subject: test
Next
From: Aaron Bingham
Date:
Subject: Re: Fabian Pascal and RDBMS deficiencies in fully implementing