Hi,
we plan to make available our database from the internet (direct tcp/ip
based connections). We want to make it as secure as possible. There are a
few users who could access the database, but we want to block any other
users to access.
Our plans are:
- using encripted (ssl) connections - since sensitive (medical) personal
information are stored.
(How to setup this? What do we need on server side, and what on client
side?)
- using pg_hba.conf to configure authentication method and IP filters
- forcing our users to change their passwords frequently
- applying strong password policy (long pw, containing upper/lowercase
characters and numbers)
Could anybody suggest us something more valuable features in postgres to
improve the security?
Regarding SSL, I'd like to know how to use it correctly. What we have to do
on the server to accept ssl connections, and what kind of client softwares
are required.
Many thanks,
-- Csaba Együd
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.7.7/20 - Release Date: 2005.06.16.