Does PostgreSQL have any baseline security configuration documents? (Aka "hardened" configuration "benchmark" checklist.) My organization is asking for official or vendor-supported baseline configurations for all our software. I looked through the PG manual, the security page on the website, and in Google and found some discussions about customizing role permissions and SSL connections, but nothing that covered the entirety of the software like this one for MySQL: http://benchmarks.cisecurity.org/en-us/?route=downloads.show.single.mysql.102 (Center for Internet Security). I can't link directly to the document because it's behind a download form, but the TOC outline covers: OS level configuration, file system permissions, logging, general (default test databases, accounts), database/table permissions, configuration options, backup/recovery. Each recommendation specifies whether it's scoreable (verifiable by an audit program), and its tradeoffs (i.e., whether it might be too burdensome or a bad idea in various situations). If I can't find such a checklist for PostgreSQL I can write my own, but it would be more authoritative if it were an official PostgreSQL document or supported by a vendor or organization. Thanks in advance. I've been a happy PostgreSQL user for two or three years now. -- Mike Orr <sluggoster@xxxxxxxxx> -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
