Re: postgres "on in the internet" - Mailing list pgsql-general

From Mike Nolan
Subject Re: postgres "on in the internet"
Date
Msg-id 200409030042.i830g8PM027420@gw.tssi.com
Whole thread Raw
In response to postgres "on in the internet"  (Paul Tillotson <pntil@shentel.net>)
List pgsql-general
> Does anyone out there have experience with this or recommended best
> practices?  We have been looking at either (a) tunnelling everything
> over ssh, or (b) just making sure that users have "strong" passwords and
> requiring "md5" authentication in pg_hba.conf.

Have you considered using VPN routers to punch a hole through your firewall?

Can you do a a combination of A and B?  (Does that make much sense?)

You should also consider blocking all IP addresses other than the client
nodes at the firewall.  That won't help much if the client node gets
compromised.
--
Mike Nolan

pgsql-general by date:

Previous
From: "Joshua D. Drake"
Date:
Subject: Re: postgres "on in the internet"
Next
From: Mike Mascari
Date:
Subject: Re: postgres "on in the internet"