With reference to my post to the "PostgreSQL Password Cracker" on
2003-01-02, I've promised to write a security document for the project.
Here it is, Sunday night, and I can't sleep. What better way to get there
than start this task...

My plan is to write this in very simple HTML. I will post the draft
document on my website and post the URL here from time to time for
feedback. Please make suggestions for content. So far, I will cover these
items:

- .pgpass (see http://developer.postgresql.org/docs/postgres/libpq-files.html)
- local connections
- remote connections (recommending SSL)
- pg_hba (only in passing, most of that is at http://www.postgresql.org/idocs/index.php?client-authentication.html)
- running the postmaster as a specific user

That doesn't sound like much. Surely you can think of something else to
add. Should I post this to another list for their views?

OK, that's done it. I'm ready for sleep now.