On Mon, 2006-10-30 at 15:36 +0100, Martijn van Oosterhout wrote: > On Mon, Oct 30, 2006 at 01:34:34PM +0100, Andrew Kelly wrote: > > Hi all, > > > > please forgive a (likely) less than clever question. > > > > Are the barriers provided by pg_hba.conf enough from a security > > standpoint, or is it best to put up some iptable rules duplicating the > > restrictions? > > iptables covers the entire server, whereas pg_hba.conf cancontrol per > database. Think of it as layers. If you know only two other machines > will ever access this server, you can use iptables to enforce this. > From those two machines, you than use pg_hba.conf to fine-tune the > access controls. > > Have a nice day, Thanks, Martijn, und danke Andreas. This is what I figured; appreciate the confirmation. Andy
