Search Postgresql Archives

Re: Connect to postgres from a dynamic IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Collin wrote:


But make it "hostssl" instead of "host", to require some cryptography in the channel used, specially to authenticate the connection.

Opening your access to everyone without crypto sounds like something you don't want to do. Specially if users can change their own passwords...

My understanding is no password is sent in the clear with md5 per:

http://www.postgresql.org/docs/8.3/interactive/auth-methods.html#AUTH-PASSWORD


Paul

However, it depends on the sort of data you are accessing. Sending a MD5 password is all well and good but if your data consists of credit card info or trade secrets then you'll want that encrypted too.


Yes true, if your data is sensitive, go with SSL.

On the other hand, if you're sending credit card data around, you must comply with the PCI audit regulation, in which case there is exactly 0.0% chance you're putting your database port on a public network.

Regards,
Paul


---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

              http://www.postgresql.org/docs/faq

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux