Home > mailing lists

Re: Firewall Security Requirements for Postgresql Access - Mailing list pgsql-general

From	Randy Yates
Subject	Re: Firewall Security Requirements for Postgresql Access
Date	September 11, 2004 05:35:58
Msg-id	vfepmp2f.fsf@ieee.org Whole thread Raw
In response to	Re: Firewall Security Requirements for Postgresql Access (Gaetano Mendola <mendola@bigfoot.com>)
Responses	Re: Firewall Security Requirements for Postgresql Access
List	pgsql-general

Tree view

bench@silentmedia.com (Ben) writes:

> Well, R/W doesn't make much sense for TCP.... incoming/outgoing SYN
> packets make more sense, and if the database is located outside the
> firewall, you really only need to allow outgoing SYN packets on the port
> (as well as packets related to that session, of course).

Are you suggesting that the firewall be configured so that the only
outgoing packets allowed through are ones with the SYN bit set in the
CODE BITS field of the TCP header? I'm fairly ignorant on protocol
matters, and I don't understand why one would single out these types
of TCP segments.  Could you please expound?
--
%  Randy Yates                  % "Bird, on the wing,
%% Fuquay-Varina, NC            %   goes floating by
%%% 919-577-9882                %   but there's a teardrop in his eye..."
%%%% <yates@ieee.org>           % 'One Summer Dream', *Face The Music*, ELO
http://home.earthlink.net/~yatescr

pgsql-general by date:

From: Randy Yates
Date: 11 September 2004, 05:35:54
Subject: Firewall Security Requirements for Postgresql Access

From: Randy Yates
Date: 11 September 2004, 05:38:13
Subject: Re: Another Security Question: User-based Roles vs. Application

Re: Firewall Security Requirements for Postgresql Access - Mailing list pgsql-general

Previous

Next