On Wed, Jan 26, 2005 at 01:29:53PM -0500, Alex Turner wrote:
> Generally network security suggests that your database server should
> not allow connections from external addresses (including for services
> like ssh as well as pgsql). iptables can help achieve this if your
> servers are all on public IPs (also not a very good idea), otherwise
> the best place to configure this is at your firewall/router.

Some people like to have constraints in the database in addition to whatever host- or network-based security is in place. The thinking is that the closer the constraints are to the data, the less likely they are to be circumvented, either intentionally or accidentally. Firewalls keep out unauthorized users, application checks provide a layer of defense against bogus data from authorized users, and constraints in the database itself prevent bad data from being entered by misbehaving applications or by users who are bypassing the application (e.g., somebody tweaking the data from a psql session). Constraints in table definitions also serve as self-documentation.

-- 
Michael Fuhr
http://www.fuhr.org/~mfuhr/
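An added illustration of the layering described in the message above (not code from the thread or from either poster): an application check and table constraints guard the same data, and only the constraints still hold when a write skips the application. SQLite through Python's `sqlite3` stands in for PostgreSQL so the example runs offline; the `orders` table, its columns, the sample rows and all function names are constructed for the example.

```python
import sqlite3

# Constructed schema. The NOT NULL / CHECK clauses are the database-level
# layer, and they also document which values are valid.
SCHEMA = """
CREATE TABLE orders (
    id       INTEGER PRIMARY KEY,
    customer TEXT    NOT NULL CHECK (length(customer) > 0),
    quantity INTEGER NOT NULL CHECK (quantity BETWEEN 1 AND 1000),
    status   TEXT    NOT NULL CHECK (status IN ('new', 'paid', 'shipped'))
);
"""
INSERT = "INSERT INTO orders (customer, quantity, status) VALUES (?, ?, ?)"

def app_insert(db, customer, quantity, status):
    """Application layer: validates input before it reaches the database."""
    ok = bool(customer) and 1 <= quantity <= 1000 and status in ("new", "paid", "shipped")
    if not ok:
        raise ValueError("rejected by application check")
    db.execute(INSERT, (customer, quantity, status))

def raw_insert(db, customer, quantity, status):
    """A write that skips the application check: a misbehaving code path,
    or someone typing SQL into an interactive session."""
    db.execute(INSERT, (customer, quantity, status))

def attempt(fn, db, row):
    """Run one insert and report which layer, if any, stopped it."""
    try:
        fn(db, *row)
        return "stored"
    except ValueError:
        return "blocked by application"
    except sqlite3.IntegrityError:
        return "blocked by database constraint"

def run_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    results = [
        attempt(app_insert, db, ("alice", 2, "new")),       # valid row
        attempt(app_insert, db, ("bob", -5, "new")),        # caught by the app
        attempt(raw_insert, db, ("carol", -5, "new")),      # app bypassed
        attempt(raw_insert, db, ("dave", 1, "refunded")),   # unknown status
        attempt(raw_insert, db, (None, 1, "new")),          # missing customer
    ]
    stored = db.execute("SELECT customer FROM orders").fetchall()
    return results, stored

if __name__ == "__main__":
    print(run_demo())
```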