Thread: postgres "on in the internet"

postgres "on in the internet"

From
"Po Eddie Lim"
Date:
Hello...

 Is it possible in PostGre 7.3 to query the size of a text[] array attribute
 of a table? Does anyone know how this is queried in 7.3?

 thanks... help is greatly needed.
 eddie

----- Original Message -----
From: "Po Eddie Lim" <eddiepo@hq.ntsp.nec.co.jp>
To: "Mike Nolan" <nolan@gw.tssi.com>; "Paul Tillotson" <pntil@shentel.net>
Cc: <pgsql-general@postgresql.org>
Sent: Friday, September 03, 2004 4:12 PM
Subject: Re: [GENERAL] postgres "on in the internet"


> Hello...
>
> Is it possible in PostGre 7.3 to query the size of a text[] array
attribute
> of a table? Does anyone know how this is queried in 7.3?
>
> thanks... help is greatly needed.
> eddie
>
> ----- Original Message -----
> From: "Mike Nolan" <nolan@gw.tssi.com>
> To: "Paul Tillotson" <pntil@shentel.net>
> Cc: <pgsql-general@postgresql.org>
> Sent: Friday, September 03, 2004 8:42 AM
> Subject: Re: [GENERAL] postgres "on in the internet"
>
>
> > > Does anyone out there have experience with this or recommended best
> > > practices?  We have been looking at either (a) tunnelling everything
> > > over ssh, or (b) just making sure that users have "strong" passwords
and
> > > requiring "md5" authentication in pg_hba.conf.
> >
> > Have you considered using VPN routers to punch a hole through your
> firewall?
> >
> > Can you do a a combination of A and B?  (Does that make much sense?)
> >
> > You should also consider blocking all IP addresses other than the client
> > nodes at the firewall.  That won't help much if the client node gets
> > compromised.
> > --
> > Mike Nolan
> >
> > ---------------------------(end of broadcast)---------------------------
> > TIP 3: if posting/reading through Usenet, please send an appropriate
> >       subscribe-nomail command to majordomo@postgresql.org so that your
> >       message can get through to the mailing list cleanly
> >
>


Re: postgres "on in the internet"

From
Daniel Martini
Date:
Hi,

Citing Paul Tillotson <pntil@shentel.net>:
> At my company we are looking at deploying clients for our client/server
> app outside our firewall, which will then require our postgres box to be
> internet-accessible.
>
> Does anyone out there have experience with this or recommended best
> practices?
> We have been looking at either
> (a) tunnelling everything over ssh, or

This, implementation of a VPN or using the builtin ssl-support in
postgresql is the way to go, because *everything* that goes through
the channel will be encrypted. With SSL you have the additional value
of being able to guarantee the identity of the server.
The information in the source code distribution in
src/backend/libpq/README.SSL
might prove useful to make your decision.

> (b) just making sure that users have "strong" passwords and
> requiring "md5" authentication in pg_hba.conf.

Too weak, IMHO. md5 is there to protect the password data stored
in the database, not the password transmission (someone already
mentioned tcp replay attacks).

Regards,
Daniel