Együd Csaba wrote:
Hi,
we plan to make available our database from the internet (direct tcp/ip
based connections). We want to make it as secure as possible. There are a
few users who could access the database, but we want to block any other
users to access.
Our plans are:
- using encripted (ssl) connections - since sensitive (medical) personal
information are stored.
(How to setup this? What do we need on server side, and what on client
side?)
- using pg_hba.conf to configure authentication method and IP filters
- forcing our users to change their passwords frequently
- applying strong password policy (long pw, containing upper/lowercase
characters and numbers)
Could anybody suggest us something more valuable features in postgres to
improve the security?
Regarding SSL, I'd like to know how to use it correctly. What we have to do
on the server to accept ssl connections, and what kind of client softwares
are required.
It sounds to me like you plan to put the database server on the
internet. I hope not. It should at the very least be in a dmz:
database server <-> web server <-> firewall <-> internet
--
Until later, Geoffrey
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
message can get through to the mailing list cleanly
