Hi All, I am really sorry for upsetting the list. You are absolutelly right, I do have applied a network specialist, who stated that the VPN is a must, and we started to configure and test the server together (using OpenVPN). Actually this application is going to operate in a test phase for months, so we have the time to test securty issues. Dear Geoffrey, please do not worry, we won't misapply any sensitive data. BTW, I would like to close this thread on this list, because this is rather off topic here. Thank you very much for opening up my eyes. I really thought I can find it out alone. I wasn't right. Thanks for you all. Certainly anybody is wellcome to write me in private. Regards, -- Csaba Együd. -----Original Message----- From: pgsql-general-owner@xxxxxxxxxxxxxx [mailto:pgsql-general-owner@xxxxxxxxxxxxxx] On Behalf Of Geoffrey Sent: Tuesday, June 21, 2005 11:41 PM To: pgsql-general@xxxxxxxxxxxxxx Subject: Re: Making the DB secure Együd Csaba wrote: > Hi, > thank you very much. These are very good ideas, I think. > I forgot one thing to mention. We will have very few clients (max. 20) > and all clients will be required to have a fix IP address. Fix IP > addresses can be listed in pg_hba.conf to filter incoming IPs very > efficiently. With this note, do you think we need VPN or other enhancement? YOU NEED A SECURITY CONSULTANT. If you think you can rely on static ips as a security tool, you are clueless. I'm sorry, but the fact that you mentioned that this database contains medical information really disturbs me. A static IP insures NOTHING. A vpn will secure the connection and protect it. -- Until later, Geoffrey ---------------------------(end of broadcast)--------------------------- TIP 5: Have you checked our extensive FAQ? http://www.postgresql.org/docs/faq sive lock on the index's table, so until you roll back, no other transaction will be able to touch the table at all. So the whole thing may be a nonstarter in a production database anyway :-(. You can probably get away with BEGIN; DROP INDEX ... EXPLAIN ... ROLLBACK; if you fire it from a script rather than by hand --- but EXPLAIN ANALYZE might be a bad idea ... regards, tom lane ---------------------------(end of broadcast)--------------------------- TIP 8: explain analyze is your friend -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 2005.06.21. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.10/25 - Release Date: 2005.06.21. ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to majordomo@xxxxxxxxxxxxxx
