Willy-Bas Loos <willybas@xxxxxxxxx> writes: > I'm wondering if i should open up the ports to my two clusters 5432 > and 5433 from "Anywhere"? No, not unless you'd like to take the risk of anyone on the internet poking into your databases. > I feel that it's a stupid question, since there is pg_hba, which > already does this work. Well, even if you trust pg_hba.conf to block unwanted connections, someone could still mount a DOS attack by flooding your postmaster with connection requests. It takes a significant number of cycles to reject a request on the basis of pg_hba.conf. regards, tom lane -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
