Thread: protecting database from internet access
hi,

please do the needful..

I am using J2EE on the server side and PostgreSQL as the database to connect. This database is exposed to the internet.

The user is shown a login page in which the user enters its username and password. Password authentication takes place. This password is authenticated on the basis of the password field in the userprofile table.

Some questions:

1) Can anybody tell me how to do this so that the database is at most secure on the internet?
2) Should I have a different password (login password) for the connection string? Or should the connection string password be the same, and authentication be done by fetching the password value from the userprofile table for the corresponding user?
3) Encrypting the password?
4) Adding the password in the session so that once authentication is done the user is allowed authorization for different resources such as databases, tables etc.
5) Providing some SSL or tunneling to the database?

Please help with some examples.

I am presently using pgAdmin III on Windows with PostgreSQL. Later on I might switch to Linux.

I have read about the pg_hba.conf file, but these things are not clear to me.

Thanks,
Ashish
From the PostgreSQL docs:

16.7. Secure TCP/IP Connections with SSL
19.1. The pg_hba.conf file
19.2. Authentication methods
    19.2.1. Trust authentication
    19.2.2. Password authentication
    19.2.3. Kerberos authentication
    19.2.4. Ident-based authentication
    19.2.5. PAM Authentication
19.3. Authentication problems

"ashish srivastava" <ashu_shri@hotmail.com> wrote in message news:BAY111-F137A8BA63A48E213E01AF59F7B0@phx.gbl...
> hi,
>
> please do the needful..
>
> I am using J2EE on the server side and PostgreSQL as the database to
> connect. This database is exposed to the internet.
>
> The user is shown a login page in which the user enters its username and
> password. Password authentication takes place. This password is
> authenticated on the basis of the password field in the userprofile table.
>
> Some questions:
> 1) Can anybody tell me how to do this so that the database is at most
> secure on the internet?
> 2) Should I have a different password (login password) for the connection
> string? Or should the connection string password be the same, and
> authentication be done by fetching the password value from the userprofile
> table for the corresponding user?
> 3) Encrypting the password?
> 4) Adding the password in the session so that once authentication is done
> the user is allowed authorization for different resources such as
> databases, tables etc.
> 5) Providing some SSL or tunneling to the database?
>
> Please help with some examples.
>
> I am presently using pgAdmin III on Windows with PostgreSQL. Later on I
> might switch to Linux.
>
> I have read about the pg_hba.conf file, but these things are not clear to me.
>
> Thanks,
> Ashish
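The pg_hba.conf and authentication-method sections listed in the reply above decide who can reach an internet-exposed server and how they must authenticate. As an added example (not from the thread or the PostgreSQL project), this Python check flags rules in a constructed pg_hba.conf that permit unauthenticated, clear-text or non-SSL access. The 10.0.5.0/24 application subnet, the appdb/appuser names and the sample rules are assumptions.

```python
import ipaddress

# Assumption: the J2EE application servers live in this subnet.
TRUSTED_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Constructed sample pg_hba.conf (not from the thread).
# md5 was the era's challenge-response method; PostgreSQL 10+ adds scram-sha-256.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS          METHOD
local    all       postgres                   ident
host     all       all       0.0.0.0/0        trust
host     appdb     appuser   0.0.0.0/0        password
host     appdb     appuser   203.0.113.0/24   md5
hostssl  appdb     appuser   10.0.5.17/32     md5
"""
WEAK_METHODS = {
    "trust": "accepts the connection without any authentication",
    "password": "sends the password in clear text",
}

def outside_trusted(address):
    """True unless the rule's address lies inside a trusted network."""
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:  # keyword such as "all", or a host name
        return True
    return not any(net.version == t.version and net.subnet_of(t) for t in TRUSTED_NETS)

def audit_hba(text):
    """Return (line_number, problem) pairs for network-facing rules."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # comment, blank line, or local (Unix-socket) rule
        conn_type, address, method = fields[0], fields[3], fields[4]
        if "/" not in address and len(fields) > 5 and method[0].isdigit():
            # Older "IP-address IP-mask" form: the method is one field later.
            address, method = f"{address}/{method}", fields[5]
        if method in WEAK_METHODS:
            findings.append((lineno, f"'{method}' {WEAK_METHODS[method]}"))
        if conn_type != "hostssl":
            findings.append((lineno, f"'{conn_type}' allows connections without SSL"))
        if outside_trusted(address):
            findings.append((lineno, f"{address} is outside the application subnet"))
    return findings

if __name__ == "__main__":
    for lineno, problem in audit_hba(SAMPLE_HBA):
        print(f"line {lineno}: {problem}")
```

Only the last sample rule passes: it requires SSL, uses a challenge-response method, and admits a single application-server address.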
Hi,

I have to design authentication and authorization tables in the Postgres database depending on the roles of the users. What strategy should I follow? The transaction is going to be at most secure, i.e. HTTPS and SSL enabled. Can you help with some example?

Thanks,
Ashish

>From: "codeWarrior" <gpatnude@hotmail.com>
>To: pgsql-admin@postgresql.org
>Subject: Re: [ADMIN] protecting database from internet access
>Date: Wed, 12 Oct 2005 08:13:31 -0700
>
>From the PostgreSQL docs:
>
>16.7. Secure TCP/IP Connections with SSL
>19.1. The pg_hba.conf file
>19.2. Authentication methods
>    19.2.1. Trust authentication
>    19.2.2. Password authentication
>    19.2.3. Kerberos authentication
>    19.2.4. Ident-based authentication
>    19.2.5. PAM Authentication
>19.3. Authentication problems