On Jun 17, 2005, at 8:49 AM, Együd Csaba wrote:
> Hi,
> we plan to make available our database from the internet (direct tcp/ip
> based connections). We want to make it as secure as possible. There
> are a
> few users who could access the database, but we want to block any other
> users to access.
>
> Our plans are:
> - using encripted (ssl) connections - since sensitive (medical)
> personal
> information are stored.
> (How to setup this? What do we need on server side, and what on
> client
> side?)
> - using pg_hba.conf to configure authentication method and IP filters
> - forcing our users to change their passwords frequently
> - applying strong password policy (long pw, containing
> upper/lowercase
> characters and numbers)
>
> Could anybody suggest us something more valuable features in postgres
> to
> improve the security?
> Regarding SSL, I'd like to know how to use it correctly. What we have
> to do
> on the server to accept ssl connections, and what kind of client
> softwares
> are required.
>
> Many thanks,
>
> -- Csaba Együd
It sounds like you might want to think about hiring a consultant to
help out here--what do others think? With medical information, this is
not something you want to get wrong.
Sean