On 6/17/05, Együd Csaba <csegyud@xxxxxxx> wrote:
> Hi,
<snip>

couple of things:

1. make sure postgresql is in a very tight chroot environment. without shell or anything else.
2. make sure you have list of all client ips, and use firewall to allow them, and only them to access postgresql port. all other connections should be rejected on firewall level, not application level!
3. accept connections only through ssl (as for what you need - both client and server have to be built and linked against openssl library).
4. if above is not possible - enforce usage of vpn. i would suggest openvpn - it's much easier to set up than ipsec based vpns, and yet it still holds all security measures.
5. define unique users inside of database for each real user. give them only the rights they need to have - not even a single "SELECT" more.
6. when possible - revoke select access to tables, grant select access to views
7. when possible - revoke all access to tables, grant execute access to functions which will be modifying database (just define them with "security definer" flag).
8. log all queries to files. with postgresql 8 it's easier than it ever was. don't log through syslog!
9. log all system activities - you can use grsecurity patches for extended auditing.
10. using grsecurity or selinux or lids or ... - block unnecessary accesses on system level (acls)
11. pray.

this is what we do commercially, and as for now - it works great.

best regards,

depesz
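Items 5 to 7 of the list above, written out as an added example that is not part of the original post: it assumes a current PostgreSQL release and is run by the non-superuser role that owns the objects. The schema `app`, table `accounts`, view `my_accounts`, function `withdraw` and role `alice` are hypothetical names.

```sql
-- Constructed example: every schema, table, view, function and role name is hypothetical.
BEGIN;
CREATE SCHEMA app;
CREATE TABLE app.accounts (
    id      integer PRIMARY KEY,
    owner   text    NOT NULL,
    balance numeric NOT NULL CHECK (balance >= 0),
    notes   text    -- internal column, never exposed to end users
);

-- Item 5: one login role per real user, holding no privilege it does not need.
CREATE ROLE alice LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
REVOKE ALL ON app.accounts FROM PUBLIC, alice;  -- explicit: no direct table access
GRANT USAGE ON SCHEMA app TO alice;

-- Item 6: reads go through a view limited to the caller's rows and two columns.
-- security_barrier stops caller-supplied predicates from running before the filter.
CREATE VIEW app.my_accounts WITH (security_barrier) AS
    SELECT id, balance FROM app.accounts WHERE owner = session_user;
GRANT SELECT ON app.my_accounts TO alice;

-- Item 7: writes go through a SECURITY DEFINER function, which runs with its owner's
-- rights. Pin search_path so the caller cannot substitute objects, and use session_user,
-- because current_user inside the function is the function owner.
CREATE FUNCTION app.withdraw(p_id integer, p_amount numeric)
RETURNS numeric
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = app, pg_temp
AS $$
DECLARE
    new_balance numeric;
BEGIN
    IF p_amount IS NULL OR p_amount <= 0 THEN
        RAISE EXCEPTION 'amount must be positive';
    END IF;
    UPDATE app.accounts
       SET balance = balance - p_amount
     WHERE id = p_id AND owner = session_user
    RETURNING balance INTO new_balance;
    IF NOT FOUND THEN
        RAISE EXCEPTION 'no such account for %', session_user;
    END IF;
    RETURN new_balance;
END;
$$;
-- New functions are executable by PUBLIC by default; remove that before granting.
REVOKE ALL ON FUNCTION app.withdraw(integer, numeric) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.withdraw(integer, numeric) TO alice;
COMMIT;
```

Connected as `alice`, `SELECT * FROM app.accounts` fails with a permission error, while `SELECT * FROM app.my_accounts` and `SELECT app.withdraw(1, 10)` work only against rows whose `owner` is `alice`.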