Thread: Best security practices for installing pgSQL with my software
My software package will install PostGreSQL on the server, and clients will connect to it with a windows smart client application. What would be the best way to keep the PostGreSQL usernames and passwords secure?
I will be doing a silent install of the database, and obviously this will require a service username and password. Should I hardcode the service username and password? Or should I let the person installing the software enter their own username and password for the server?
Also, what should I do when it comes to the actual user for the database? How should I handle these details? This software will be installed on many different Pc’s by many different people.
Can I use OpenSSL to secure communications between the clients and the server?
Thanks
Hi Harald,
The program will have a database on the local PC, and be able to connect to the server database as well. Eventually they will synchronise the email, contacts etc.
I need the database on the local PC so the user can take their PC/laptop home and still work.
Do you think a direct connection to the database port using SSL will be suitable for this kind of scenario?
From: Harald Armin Massa [mailto:haraldarminmassa@gmail.com]
Sent: 12 June 2006 11:24 AM
To: Greg
Subject: Re: [GENERAL] Best security practices for installing pgSQL with my software
Hello Greg!
>I will be doing a silent install of the database, and obviously this will require a service username and password. Should I hardcode the >service username and password? Or should I let the person installing the software enter their own username and password for the >server?
Are you sure you want to do a silent install of a database on a server? That is, do you have THAT many servers that it would be justified?
You are aware that you do NOT need to install PostgreSQL on a client to access the server? Only a very very very tiny library is enough for that (those three "very" are after installing Oracle "Instant Client" with 35MB)
>Can I use OpenSSL to secure communications between the clients and the server?
Yes.
Harald
--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
on different matter:
did you ever dream of visiting CERN? The place where the antimatter for exploding Vatican is created? To eat in cantinas
with the worlds highest propability to stand in queue with future or past Nobel Prize Winners? To talk about Web 2.5 at the place where Web 0.1 up to Web 1.0 were developed? register at www.europython.org!
The program will have a database on the local PC, and be able to connect to the server database as well. Eventually they will synchronise the email, contacts etc.
I need the database on the local PC so the user can take their PC/laptop home and still work.
Do you think a direct connection to the database port using SSL will be suitable for this kind of scenario?
The challenges begin with the key infrastructure, the synchronization, the network, the ports, the installation of Databases on a lot of client computers in an automated fashion etc., the access rights et. all
It took me around a year to get that working :); so better start now.
Best wishes and good luck,
Harald
--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
on different matter:
did you ever dream of visiting CERN? The place where the antimatter for exploding Vatican is created? To eat in cantinas
with the worlds highest propability to stand in queue with future or past Nobel Prize Winners? To talk about Web 2.5 at the place where Web 0.1 up to Web 1.0 were developed? register at www.europython.org!