On Tue, Jul 16, 2002 at 10:44:34 -0400,
"Campano, Troy" <Troy.Campano@LibertyMutual.com> wrote:
> Are there docs on securing PostgreSQL?
> I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple
pg_hba.confexamples.
Have you read the stuff in the documentation that comes with Postgresql?
For controlling access to objects look at the GRANT command in the
reference manual.
For information on authenticating users look at client authentication
in the administrator's guide.
Both of these areas are getting new features in 7.3, so you might
want to look at the development docs to see what will be available
in a couple of months.
Other issues that might be of interest but aren't covered there are
sql injection (make sure you quote user input correctly) and setting
up packet filtering (this can prevent people from exploiting bugs that
can be used without authentication).