Thread: Re: [HACKERS] What goes into the security doc?
Now that we are in beta, does someone want to tackle a "security" section in the docs? --------------------------------------------------------------------------- Dan Langille wrote: > With reference to my post to the "PostgreSQL Password Cracker" on > 2003-01-02, I've promised to write a security document for the project. > Here it is, Sunday night, and I can't sleep. What better way to get there > than start this task... > > My plan is to write this in very simple HTML. I will post the draft > document on my website and post the URL here from time to time for > feedback. Please make suggestions for content. So far, I will cover these > items: > > - .pgpass (see > http://developer.postgresql.org/docs/postgres/libpq-files.html) > - local connections > - remote connections (recommending SSL) > - pg_hba (only in passing, most of that is at > http://www.postgresql.org/idocs/index.php?client-authentication.html) > - running the postmaster as a specific user > > That doesn't sound like much. Surely you can think of something else to > add. Should I post this to another list for their views? > > OK, that's done it. I'm ready for sleep now. > > > ---------------------------(end of broadcast)--------------------------- > TIP 5: Have you checked our extensive FAQ? > > http://www.postgresql.org/users-lounge/docs/faq.html > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
Given I'm the smartass that volunteered in the first place, perhaps I should complete what I started. I work well with a deadline. When do you want this done? On 16 Aug 2003 at 12:41, Bruce Momjian wrote: > Now that we are in beta, does someone want to tackle a "security" > section in the docs? > > > --------------------------------------------------------------------------- > > Dan Langille wrote: > > With reference to my post to the "PostgreSQL Password Cracker" on > > 2003-01-02, I've promised to write a security document for the project. > > Here it is, Sunday night, and I can't sleep. What better way to get there > > than start this task... > > > > My plan is to write this in very simple HTML. I will post the draft > > document on my website and post the URL here from time to time for > > feedback. Please make suggestions for content. So far, I will cover these > > items: > > > > - .pgpass (see > > http://developer.postgresql.org/docs/postgres/libpq-files.html) > > - local connections > > - remote connections (recommending SSL) > > - pg_hba (only in passing, most of that is at > > http://www.postgresql.org/idocs/index.php?client-authentication.html) > > - running the postmaster as a specific user > > > > That doesn't sound like much. Surely you can think of something else to > > add. Should I post this to another list for their views? > > > > OK, that's done it. I'm ready for sleep now. > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 5: Have you checked our extensive FAQ? > > > > http://www.postgresql.org/users-lounge/docs/faq.html > > > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 359-1001 > + If your life is a hard drive, | 13 Roberts Road > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > -- Dan Langille : http://www.langille.org/
Bruce Momjian writes: > Now that we are in beta, does someone want to tackle a "security" > section in the docs? IMO, security shouldn't be a section, it should be a recurring theme throughout all documentation material. -- Peter Eisentraut peter_e@gmx.net
On 19 Aug 2003 at 10:18, Peter Eisentraut wrote: > Bruce Momjian writes: > > > Now that we are in beta, does someone want to tackle a "security" > > section in the docs? > > IMO, security shouldn't be a section, it should be a recurring theme > throughout all documentation material. Do you think the existing docs are inadequete in this regard? If so, in what areas are they insufficient? What changes do you recommend? FWIW, having a theme is a great idea. Please let us know of any changes you see necessary. But I, and others much wiser than I am, think a section where the admin can read up on the important stuff is essential. If you were new to PostgreSQL, would you rather string together information from all over the documentation or would you rather have a concise overview of Things You Need To Know(tm)? As always, patches are requested. -- Dan Langille : http://www.langille.org/
I've started. I'm wondering how much we need to cover here and how much can be delegated to other sections of the documentation. Before I get very far into this, I want to get some ideas as to what we need. This is what I have so far: http://www.freebsddiary.org/tmp/PostgreSQL-security.txt cheers On 16 Aug 2003 at 12:41, Bruce Momjian wrote: > > Now that we are in beta, does someone want to tackle a "security" > section in the docs? > > > --------------------------------------------------------------------------- > > Dan Langille wrote: > > With reference to my post to the "PostgreSQL Password Cracker" on > > 2003-01-02, I've promised to write a security document for the project. > > Here it is, Sunday night, and I can't sleep. What better way to get there > > than start this task... > > > > My plan is to write this in very simple HTML. I will post the draft > > document on my website and post the URL here from time to time for > > feedback. Please make suggestions for content. So far, I will cover these > > items: > > > > - .pgpass (see > > http://developer.postgresql.org/docs/postgres/libpq-files.html) > > - local connections > > - remote connections (recommending SSL) > > - pg_hba (only in passing, most of that is at > > http://www.postgresql.org/idocs/index.php?client-authentication.html) > > - running the postmaster as a specific user > > > > That doesn't sound like much. Surely you can think of something else to > > add. Should I post this to another list for their views? > > > > OK, that's done it. I'm ready for sleep now. > > > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 5: Have you checked our extensive FAQ? > > > > http://www.postgresql.org/users-lounge/docs/faq.html > > > > -- > Bruce Momjian | http://candle.pha.pa.us > pgman@candle.pha.pa.us | (610) 359-1001 > + If your life is a hard drive, | 13 Roberts Road > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > -- Dan Langille : http://www.langille.org/
Dan Langille writes: > I've started. I'm wondering how much we need to cover here and how > much can be delegated to other sections of the documentation. Before > I get very far into this, I want to get some ideas as to what we > need. If you intend this to go into the main documentation, then I think we don't need anything, because everything is already documented in its proper place. What you wrote is basically just a summary of various system aspects that might have to do with that vague word "security", together with pointers to the places where they are documented (which reinforces my point). Perhaps a "howto" format that you can post on techdocs might be more appropriate for you. -- Peter Eisentraut peter_e@gmx.net
On 30 Aug 2003 at 16:15, Peter Eisentraut wrote: > Dan Langille writes: > > > I've started. I'm wondering how much we need to cover here and how > > much can be delegated to other sections of the documentation. Before > > I get very far into this, I want to get some ideas as to what we > > need. > > If you intend this to go into the main documentation, then I think we > don't need anything, because everything is already documented in its > proper place. It has already been decided that we need something. Hence the request for someone to write it and my start on the task. > What you wrote is basically just a summary of various > system aspects that might have to do with that vague word "security", > together with pointers to the places where they are documented (which > reinforces my point). Your point being that we don't need anything more than we already have? That conflicts with what has already been decided. > Perhaps a "howto" format that you can post on > techdocs might be more appropriate for you. I'm not sure what you mean by "for you". -- Dan Langille : http://www.langille.org/
Dan Langille writes: > It has already been decided that we need something. Please point me to where this has been decided. -- Peter Eisentraut peter_e@gmx.net
On 30 Aug 2003 at 17:37, Peter Eisentraut wrote: > Dan Langille writes: > > > It has already been decided that we need something. > > Please point me to where this has been decided. I'm sure you can google as well I can can. The original message in this thread referred to "PostgreSQL Password Cracker" posted on 2003- 01-02. You could also search for the subject of this message. When you find those you'll see that such a section was suggested. I took up the task, suggested some content. Then it lingered and was brought up again recently. Your objections are the first. I can't see why you, or anyone for that matter, can possibly object to a section titled security which points to the relevent components and parts within the documentation. As previously stated, what I have posted is a starting point. You aren't being asked to do the work. Why do you care if someone else does it? You may not need such documentation, but it will be useful to many. -- Dan Langille : http://www.langille.org/
Dan Langille wrote: > On 30 Aug 2003 at 17:37, Peter Eisentraut wrote: > > > Dan Langille writes: > > > > > It has already been decided that we need something. > > > > Please point me to where this has been decided. > > I'm sure you can google as well I can can. The original message in > this thread referred to "PostgreSQL Password Cracker" posted on 2003- > 01-02. You could also search for the subject of this message. When > you find those you'll see that such a section was suggested. I took > up the task, suggested some content. Then it lingered and was > brought up again recently. Your objections are the first. > > I can't see why you, or anyone for that matter, can possibly object > to a section titled security which points to the relevent components > and parts within the documentation. As previously stated, what I have > posted is a starting point. > > You aren't being asked to do the work. Why do you care if someone > else does it? You may not need such documentation, but it will be > useful to many. I don't think we "decided" to add it, but no one has objected to the idea, except Peter recently. Does it make sense to have a security overview section in the documentation? -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073
Bruce Momjian <pgman@candle.pha.pa.us> writes:
> I don't think we "decided" to add it, but no one has objected to the
> idea, except Peter recently. Does it make sense to have a security
> overview section in the documentation?
I think it does.
As I think Peter is trying to point out, you could almost get the same
result just by having a fat index entry under "security", but I think
people are more likely to notice a chapter or section in the Admin Guide
with such a title. Also, once we have such a chapter, we might find it
reads more naturally to move some of the existing discussions into it,
leaving only a cross-reference where the material is now.
regards, tom lane
Tom Lane writes: > As I think Peter is trying to point out, you could almost get the same > result just by having a fat index entry under "security", but I think > people are more likely to notice a chapter or section in the Admin Guide > with such a title. Also, once we have such a chapter, we might find it > reads more naturally to move some of the existing discussions into it, > leaving only a cross-reference where the material is now. These are the topics that Dan has identified so far: file security database users and privileges client authentication libpq password files external libraries It makes no sense to put all these topics into one chapter, because they have nothing in common (except "security"): they apply in different stages of PostgreSQL use, they are managed by different programs and environments, and they affect different people. From that point of view, we already have security documentation: The chapter "Server Run-time Environment" (currently ch.16) covers security aspects for system administrators when setting up a server. The chapter "Database Users and Privileges" (ch. 17) covers security aspects for database administrators on the SQL level. The chapter "Client Authentication" (ch. 18) covers security aspects covers security aspects for database/system administrators with file system access (depends on local policies who does that). The section "libpq"/"The Password File" covers one particular aspect of security of libpq applications. (There are certainly more interesting security aspects with libpq applications. The password file is pretty uninteresting, because if you don't secure it it's ignored anyway.) Note that chapters 17 and 18 are exclusively dedicated to security -- you can't even claim to miss it in the other material, and unless you don't know what "privileges" and "authentication" are, you can't even miss them in the table of contents. And if you start reading chapter 16, the first two sections are all about securing the server. The issue that started this was that there was not enough documentation about choosing good passwords and preferably not using passwords over non-SSL connections over public networks. I agree that this could be improved, and it could be done by regrouping some of the above material. But we don't need a section that just points to other sections, because that doesn't improve the substance of the material. On the contrary, it is known to confuse and annoy readers. -- Peter Eisentraut peter_e@gmx.net
On 30 Aug 2003 at 17:50, Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > I don't think we "decided" to add it, but no one has objected to the > > idea, except Peter recently. Does it make sense to have a security > > overview section in the documentation? > > I think it does. > > As I think Peter is trying to point out, you could almost get the same > result just by having a fat index entry under "security", but I think > people are more likely to notice a chapter or section in the Admin Guide > with such a title. Also, once we have such a chapter, we might find it > reads more naturally to move some of the existing discussions into it, > leaving only a cross-reference where the material is now. So do we want this work or not? -- Dan Langille : http://www.langille.org/