durumdara wrote: > > Can I define in PGSQL, which DataBases can read from the localhost, and > which can from the net? Yes. See "authentication" in the manuals for details on pg_hba.conf and also "grant connect". Only allow password-protected connection over an encrypted ssl channel. Only allow connection from a specified IP address. Add a rule to your firewall to only allow connection from that address too. > Can I separate these databases to decreasing the dangers? Not phisically > - in other way to hide the private DBs. You can't hide their existence, but you can restrict which users can connect. You can have multiple versions of PostgreSQL running - the default on port 5432 and another on e.g. port 5433. Lots of people do this, often so they can have different versions of PG installed on the same machine. > Can I use some functions in PGSQL to make some protecting rules? Like in > Mail Servers: if the IP is same and pwd is wrong in X times, the IP > blocked for N hours... Not that I know of. On linux there is a tool called fail2ban which will do this for you, but I don't know of anything similar for Windows. > Last idea, if the port opening is not too good to convert > uploads/downloads to xml, and the client/server can read/write these > packages. > But this is hard to realize (convert all informations to same schema), > and it need to protect also... Not sure that gains you anything. If you have a user specifically for upload/download purposes you can restrict what they can do. You could even have a separate set of import tables that they write to and then they call a function to transfer to the live tables. That function could do additional checking if you think it necessary. HTH -- Richard Huxton Archonet Ltd - Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
