Thread: Change port number

Change port number

From
"Rodrigo Sakai"
Date:
  Hello all,
 
  I have a question about changing the port number of Databases server. It was told to me that is a good administrative practice to change the port number of the services, like change the 5432 to 6985 or any other number. This is for security reasons. Is really a good practice?
 
  Thanks.

Re: Change port number

From
"Joshua D. Drake"
Date:
Rodrigo Sakai wrote:
>   Hello all,
>
>   I have a question about changing the port number of Databases
> server. It was told to me that is a good administrative practice to
> change the port number of the services, like change the 5432 to 6985
> or any other number. This is for security reasons. Is really a good
> practice?
Well, not really. Anyone who wants to get in, is just going to scan your
ports to find out what is open anyway. What you really need to do
is have a decent firewall in place and correctly configure postgresql
from the beginning.

Joshua D. Drake

>
>   Thanks.


--
The PostgreSQL Company - Command Prompt, Inc. 1.503.667.4564
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
Managed Services, Shared and Dedicated Hosting
Co-Authors: PLphp, PLperl - http://www.commandprompt.com/


Re: Change port number

From
Tom Lane
Date:
"Joshua D. Drake" <jd@commandprompt.com> writes:
> Rodrigo Sakai wrote:
>> I have a question about changing the port number of Databases
>> server. It was told to me that is a good administrative practice to
>> change the port number of the services, like change the 5432 to 6985
>> or any other number. This is for security reasons. Is really a good
>> practice?

> Well, not really. Anyone who wants to get in, is just going to scan your
> ports to find out what is open anyway. What you really need to do
> is have a decent firewall in place and correctly configure postgresql
> from the beginning.

It's just "security by obscurity".  Now there's nothing wrong with that,
as long as you realize that it's only one obstacle in the path of an
attacker, and not a very large one.  Use it as one component of your
security plan, but not the only one.

            regards, tom lane

Re: Change port number

From
Christopher Browne
Date:
In the last exciting episode, rodrigo.sakai@poli.usp.br ("Rodrigo Sakai") wrote:
>   I have a question about changing the port number of Databases
> server. It was told to me that is a good administrative practice to
> change the port number of the services, like change the 5432 to 6985
> or any other number. This is for security reasons. Is really a good
> practice?

Well, it would presumably protect against certain kinds of "script
kiddie" attacks which assume that PostgreSQL can only ever run on port
5432.

It won't protect terribly much against a concerted attack.

We use variant port numbers a lot because we have multiple database
instances in our environments.  The measure isn't "protective" so much
as it is necessary, since at most one instance can use port 5432...
--
let name="cbbrowne" and tld="gmail.com" in String.concat "@" [name;tld];;
http://linuxdatabases.info/info/internet.html
"I heard that if you play  the Windows CD  backward, you get a satanic
message. But that's  nothing compared to  when you play it forward: It
installs Windows...." -- G. R. Gaudreau