Re: Connect to postgres from a dynamic IP - Mailing list pgsql-general

From paul rivers
Subject Re: Connect to postgres from a dynamic IP
Date
Msg-id 47CC2A0A.2030106@gmail.com
Whole thread Raw
In response to Re: Connect to postgres from a dynamic IP  ("dfx" <dfx@dfx.it>)
List pgsql-general
Collin wrote:
>
>>>
>>> But make it "hostssl" instead of "host", to require some
>>> cryptography in the channel used, specially to authenticate the
>>> connection.
>>>
>>> Opening your access to everyone without crypto sounds like something
>>> you don't want to do.  Specially if users can change their own
>>> passwords...
>>
>> My understanding is no password is sent in the clear with md5 per:
>>
>> http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD
>>
>>
>>
>> Paul
>>
> However, it depends on the sort of data you are accessing. Sending a
> MD5 password is all well and good but if your data consists of credit
> card info or trade secrets then you'll want that encrypted too.
>

Yes true, if your data is sensitive, go with SSL.

On the other hand, if you're sending credit card data around, you must
comply with the PCI audit regulation, in which case there is exactly
0.0% chance you're putting your database port on a public network.

Regards,
Paul


pgsql-general by date:

Previous
From: paul rivers
Date:
Subject: Re: Connect to postgres from a dynamic IP
Next
From: Collin
Date:
Subject: Re: Connect to postgres from a dynamic IP