On Mon, 2006-10-30 at 15:36 +0100, Martijn van Oosterhout wrote:
> On Mon, Oct 30, 2006 at 01:34:34PM +0100, Andrew Kelly wrote:
> > Hi all,
> >
> > please forgive a (likely) less than clever question.
> >
> > Are the barriers provided by pg_hba.conf enough from a security
> > standpoint, or is it best to put up some iptable rules duplicating the
> > restrictions?
>
> iptables covers the entire server, whereas pg_hba.conf cancontrol per
> database. Think of it as layers. If you know only two other machines
> will ever access this server, you can use iptables to enforce this.
> From those two machines, you than use pg_hba.conf to fine-tune the
> access controls.
>
> Have a nice day,
Thanks, Martijn, und danke Andreas.
This is what I figured; appreciate the confirmation.
Andy
