Well, after aggregating all the feedback here and talking to my boss (he knows
more about SSL and the like) I think we've come up with a solution that fits...

The first part will be implementing SSL. Apparently, he has managed to
successfully compile OpenSSL on the SCO and AIX boxes that we will be having as
clients. This means that if he compiles Pg with SSL support on them, he should
be able to call for an SSL connection from the Pg library from his C client.

(Side note: is there any way to get client libraries onto a given machine without
having to install and compile all of Pg? I remember looking for a
client-library-only type download for Pg, but I did not have success and I always
have to install Pg even if I just want to use it as a client.)

In combination with SSL, we're considering putting a Linux firewall in front of
the database which will indeed query the database for the known hosts and
configure its rules accordingly. Then we can do one of two things: we can
forward it such that the Pg database only sees the connections as coming from the
firewall and so we can restrict it to allow just that one IP and associate a
username/password with that one IP, or we can forward it with the original source
IPs intact and have Pg contain an account for each client and their IP (this
seems like a lot of work).

Well, we appear to be on the right track. Thanks for all the insight, and if
anyone can shoot holes through my plan or has additional recommendations for
making it more secure, I'd love to hear it.

Oh, one last thing... all of these clients need SSL certificates (for another
aspect of our operation). It would be great if we could leverage that fact to
use SSL not only for encryption but also for authentication via the
certificates. However, I don't think there's any way to get the client to just
serve up the cert to Pg nor for the Pg server to do anything with it. However,
if I'm wrong on that or if you can think of another way to leverage that client
cert, let me know!

Thanks,
Fran
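The firewall-plus-pg_hba.conf arrangement described in the mail (the "original source IPs intact" variant), as an added example that is not part of the original post or of PostgreSQL itself. It assumes a database host of 10.0.0.5 on port 5432, a constructed known-hosts list standing in for the psql query, and a server built with SSL support and `ssl = on` in postgresql.conf.

```shell
#!/bin/sh
# Added example: generate Linux firewall rules and pg_hba.conf entries from a
# list of known client hosts, so only those IPs reach Pg and each one must use
# SSL and authenticate as its own account. Assumed values, not from the mail:
DB_HOST=10.0.0.5   # address of the PostgreSQL server behind the firewall
DB_PORT=5432       # PostgreSQL port

# In production the list would come from the database the mail mentions, e.g.
#   psql -At -F ' ' -c "SELECT ip, dbuser FROM known_hosts" mydb
# Here it is constructed inline: one "<client ip> <pg username>" per line.
KNOWN_HOSTS='192.0.2.10 sco_client
192.0.2.11 aix_client'

# Emit iptables commands: forward Pg traffic only from the known client IPs
# (source address preserved, so Pg sees the real client), then drop the rest.
fw_rules() {
  echo "$1" | while read -r ip user; do
    [ -z "$ip" ] && continue
    echo "iptables -t nat -A PREROUTING -p tcp -s $ip --dport $DB_PORT" \
         "-j DNAT --to-destination $DB_HOST:$DB_PORT"
    echo "iptables -A FORWARD -p tcp -s $ip -d $DB_HOST --dport $DB_PORT -j ACCEPT"
  done
  # default deny for the database port; everything above is an explicit allow
  echo "iptables -A FORWARD -p tcp -d $DB_HOST --dport $DB_PORT -j DROP"
}

# Emit pg_hba.conf lines: hostssl makes SSL mandatory (plain "host" would
# also accept cleartext), /32 pins each account to exactly one client IP, and
# md5 keeps a per-account password on top of the IP restriction.
# For the "firewall-only IP" variant the mail describes (SNAT on the firewall),
# a single line "hostssl all all <firewall ip>/32 md5" replaces this loop.
hba_rules() {
  echo "$1" | while read -r ip user; do
    [ -z "$ip" ] && continue
    echo "hostssl all $user $ip/32 md5"
  done
}
```

Run `fw_rules "$KNOWN_HOSTS"` and `hba_rules "$KNOWN_HOSTS"` to print the two rule sets; review them before applying, since the DROP line must come after every ACCEPT.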