Thread: Securing PostgreSQL

Are there docs on securing PostgreSQL?
I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple pg_hba.conf examples.

thank you!

Troy Campano

On Tue, Jul 16, 2002 at 10:44:34 -0400,
  "Campano, Troy" <Troy.Campano@LibertyMutual.com> wrote:
> Are there docs on securing PostgreSQL?
> I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple
pg_hba.confexamples. 

Have you read the stuff in the documentation that comes with Postgresql?

For controlling access to objects look at the GRANT command in the
reference manual.

For information on authenticating users look at client authentication
in the administrator's guide.

Both of these areas are getting new features in 7.3, so you might
want to look at the development docs to see what will be available
in a couple of months.

Other issues that might be of interest but aren't covered there are
sql injection (make sure you quote user input correctly) and setting
up packet filtering (this can prevent people from exploiting bugs that
can be used without authentication).

Practical PostgreSQL gives pretty extensive overview on users and group
permissions.

On Tue, 16 Jul 2002, Campano, Troy wrote:

> Are there docs on securing PostgreSQL?
> I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple
pg_hba.confexamples. 
>
>
> thank you!
>
>
> Troy Campano
>