Josh<josh@xxxxxxxxxxxx> wrote: I am looking for suggestions on how best to secure a server that is accessible via the internet. Even account creation for the database is open to the world. Does anybody have any extra changes they would make to postgresql.conf or OS changes they would suggest? Perhaps some default permissions that would be best revoked? The system setup is currently a Linux box running PostgreSQL 8.4 My pg_hba.conf already limits remote connections to one database and one particular role.
You don't give any details about your users or how/why they need this access so it's hard to give good advice. But one possibility is to use SSH tunneling, so that your users have to log in to your server first using a protocol that's pretty secure. ssh -L5432:localhost:5432 user@xxxxxxxx Then the user connects locally instead of directly. On the user's computer: psql -h localhost dbname We've used this technique when a developer had to work from a remote location. There is no direct access to Postgres at all, yet you can work remotely and securely. Craig -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
