Josh<j...@saucetel.com> wrote:
I am looking for suggestions on how best to secure a server that
is accessible via the internet. Even account creation for the
database is open to the world. Does anybody have any extra changes
they would make to postgresql.conf or OS changes they would
suggest? Perhaps some default permissions that would be best
revoked?
The system setup is currently a Linux box running PostgreSQL 8.4
My pg_hba.conf already limits remote connections to one database
and one particular role.
You don't give any details about your users or how/why they need this access so
it's hard to give good advice. But one possibility is to use SSH tunneling, so
that your users have to log in to your server first using a protocol that's
pretty secure.
ssh -L5432:localhost:5432 u...@host.com
Then the user connects locally instead of directly. On the user's computer:
psql -h localhost dbname
We've used this technique when a developer had to work from a remote location.
There is no direct access to Postgres at all, yet you can work remotely and
securely.
Craig
--
Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
