Peter Eisentraut wrote: > On 5/2/18 18:59, Ian Maddox wrote:
> > It appears that the knowledge from that page has been redistributed > > across the manual in versions 8+, making it difficult to point to a > > single authoritative resource. I'm writing to request that a single > > section on security be revived in a future revision of the manual. > > I see where you are coming from. However, I think security concerns > exist in every aspect of the system. So as a user when I'm dealing > with operating system integration, or schema design, or backups, or > replication, or monitoring, etc., then I want to know about the > security concerns on that subject.
Curiously enough, we got a request on the Spanish list today https://www.postgresql.org/message-id/CALhQua6tAY+b+oH10OOm24sank43quQoVnoZpPDO5r6YQ4eXow@mail.gmail.com about a "hardening guide". I think it is not completely out of the question to have a separate slim section listing things to keep in mind in order to harden a PostgreSQL installation. It doesn't have to be terribly thorough -- rather it'd be mostly links to other places in the docs where detailed information about each element can be found.
