Re: Making the DB secure - Mailing list pgsql-general

From hubert depesz lubaczewski
Subject Re: Making the DB secure
Date
Msg-id 9e4684ce05062010582e9bde5b@mail.gmail.com
In response to Making the DB secure  (Együd Csaba <csegyud@vnet.hu>)
Responses Re: Making the DB secure  (Együd Csaba <csegyud@vnet.hu>)
List pgsql-general
On 6/17/05, Együd Csaba <csegyud@vnet.hu> wrote:
> Hi,
<snip>

couple of things:
1. make sure postgresql is in a very tight chroot environment. without
shell or anything else.
2. make sure you have a list of all client ips, and use a firewall to
allow them, and only them, to access the postgresql port. all other
connections should be rejected on firewall level, not application
level!
3. accept connections only through ssl (as for what you need - both
client and server have to be built and linked against the openssl library).
4. if above is not possible - enforce usage of vpn. i would suggest
openvpn - it's much easier to set up than ipsec based vpns, and yet it
still holds all security measures.
5. define unique users inside of database for each real user. give
them only the rights they need to have - not even a single "SELECT"
more.
6. when possible - revoke select access to tables, grant select access to views
7. when possible - revoke all access to tables, grant execute access
to functions which will be modifying database (just define them with
"security definer" flag).
8. log all queries to files. with postgresql 8 it's easier than it
ever was. don't log through syslog!
9. log all system activities - you can use grsecurity patches for
extended auditing.
10. using grsecurity or selinux or lids or ... - block unnecessary
accesses on system level (acls)
11. pray.

this is what we do commercially, and as for now - it works great.

best regards,

depesz
