With reference to my post to the "PostgreSQL Password Cracker" on 2003-01-02, I've promised to write a security document for the project. Here it is, Sunday night, and I can't sleep. What better way to get there than start this task...
My plan is to write this in very simple HTML. I will post the draft document on my website and post the URL here from time to time for feedback. Please make suggestions for content. So far, I will cover these items: - .pgpass (see http://developer.postgresql.org/docs/postgres/libpq-files.html) - local connections - remote connections (recommending SSL) - pg_hba (only in passing, most of that is at http://www.postgresql.org/idocs/index.php?client-authentication.html) - running the postmaster as a specific user That doesn't sound like much. Surely you can think of something else to add. Should I post this to another list for their views? OK, that's done it. I'm ready for sleep now. ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/users-lounge/docs/faq.html
