Search Postgresql Archives

Re: Making the DB secure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Karl,
OK, I see the point. We are going to look around the VPN. So as a
conclusion: can we state, that, in addition to all the security features
postgres provides, applying a VPN - with SSL and firewal - is enough to
provide the necessary security? 

The server will be a Linux(??) based system. The clients will run Windows
XP.
Are Windows based clients able to cooperate with these kind of Linux
servers?

Thanks,
-- Csaba



-----Original Message-----
From: Karl O. Pinc [mailto:kop@xxxxxxxx] 
Sent: Monday, June 20, 2005 8:51 PM
To: Együd Csaba
Cc: pgsql-general@xxxxxxxxxxxxxx
Subject: Re:  Making the DB secure


On 06/20/2005 12:32:12 PM, Együd Csaba wrote:
> Hi,
> thank you very much. These are very good ideas, I think.
> I forgot one thing to mention. We will have very few clients (max. 20) 
> and all clients will be required to have a fix IP address. Fix IP 
> addresses can be listed in pg_hba.conf to filter incoming IPs very 
> efficiently. With this note, do you think we need VPN or other 
> enhancement?

You want to consider the failure modes.  LANs can be ARP spoofed to redirect
traffic to elsewhere than their destination IP, or what happens if the
client does not request encryption or the server is restarted without
encryption enabled, etc.  You don't want to be allowing insecure
communication by accident and unawares.  VPNs are designed to disable
communication on failure, and the designers have presumably thought of all
the senarios.  When you roll your own security you need to be the one that
thinks of everything.
(Of course, some VPN products are much less secure than others.)

And maintaining things over time is always an issue.

Karl <kop@xxxxxxxx>
Free Software:  "You don't pay back, you pay forward."
                  -- Robert A. Heinlein


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.
 



--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.


---------------------------(end of broadcast)---------------------------
TIP 2: you can get off all lists at once with the unregister command
    (send "unregister YourEmailAddressHere" to majordomo@xxxxxxxxxxxxxx)


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux