Home > mailing lists

Re: access and security - Mailing list pgsql-general

From	Martijn van Oosterhout
Subject	Re: access and security
Date	October 30, 2006 13:36:55
Msg-id	20061030143634.GA8246@svana.org Whole thread Raw
In response to	access and security (Andrew Kelly <akelly@corisweb.org>)
Responses	Re: access and security (Andrew Kelly <akelly@corisweb.org>)
List	pgsql-general

Tree view

On Mon, Oct 30, 2006 at 01:34:34PM +0100, Andrew Kelly wrote:
> Hi all,
>
> please forgive a (likely) less than clever question.
>
> Are the barriers provided by pg_hba.conf enough from a security
> standpoint, or is it best to put up some iptable rules duplicating the
> restrictions?

iptables covers the entire server, whereas pg_hba.conf cancontrol per
database. Think of it as layers. If you know only two other machines
will ever access this server, you can use iptables to enforce this.
From those two machines, you than use pg_hba.conf to fine-tune the
access controls.

Have a nice day,
--
Martijn van Oosterhout   <kleptog@svana.org>   http://svana.org/kleptog/
> From each according to his ability. To each according to his ability to litigate.

Attachment

signature.asc

pgsql-general by date:

From: Brad Nicholson
Date: 30 October 2006, 13:23:31
Subject: log_duration and JDBC V3 Preparded Statements

From: Ilan Volow
Date: 30 October 2006, 13:44:05
Subject: Re: postgresql books and convertion utilities

Re: access and security - Mailing list pgsql-general

Attachment

Previous

Next