Peter Eisentraut wrote:
> On 5/2/18 18:59, Ian Maddox wrote:
> > It appears that the knowledge from that page has been redistributed
> > across the manual in versions 8+, making it difficult to point to a
> > single authoritative resource. I'm writing to request that a single
> > section on security be revived in a future revision of the manual.
>
> I see where you are coming from. However, I think security concerns
> exist in every aspect of the system. So as a user when I'm dealing
> with operating system integration, or schema design, or backups, or
> replication, or monitoring, etc., then I want to know about the
> security concerns on that subject.
Curiously enough, we got a request on the Spanish list today
https://www.postgresql.org/message-id/CALhQua6tAY+b+oH10OOm24sank43quQoVnoZpPDO5r6YQ4eXow@mail.gmail.com
about a "hardening guide". I think it is not completely out of the
question to have a separate slim section listing things to keep in mind
in order to harden a PostgreSQL installation. It doesn't have to be
terribly thorough -- rather it'd be mostly links to other places in the
docs where detailed information about each element can be found.
--
Álvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services