Dear Sean, yes, maybe. But actually I thought some suggestions. The only real problem of mine is to configure the SSL. I am able configure the pg_hba.conf (at least I think so now), we have a firewal on the server too. I meant that maybe somebody can suggest something to make the thing more secure. Thank you, -- Csaba -----Original Message----- From: Sean Davis [mailto:sdavis2@xxxxxxxxxxxx] Sent: Friday, June 17, 2005 3:09 PM To: Együd Csaba Cc: pgsql-general@xxxxxxxxxxxxxx Subject: Re: Making the DB secure On Jun 17, 2005, at 8:49 AM, Együd Csaba wrote: > Hi, > we plan to make available our database from the internet (direct > tcp/ip based connections). We want to make it as secure as possible. > There are a few users who could access the database, but we want to > block any other users to access. > > Our plans are: > - using encripted (ssl) connections - since sensitive (medical) > personal information are stored. > (How to setup this? What do we need on server side, and what on > client > side?) > - using pg_hba.conf to configure authentication method and IP filters > - forcing our users to change their passwords frequently > - applying strong password policy (long pw, containing > upper/lowercase characters and numbers) > > Could anybody suggest us something more valuable features in postgres > to improve the security? > Regarding SSL, I'd like to know how to use it correctly. What we have > to do on the server to accept ssl connections, and what kind of client > softwares are required. > > Many thanks, > > -- Csaba Együd It sounds like you might want to think about hiring a consultant to help out here--what do others think? With medical information, this is not something you want to get wrong. Sean -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16. ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your message can get through to the mailing list cleanly
