hi..
> * there is still a problem for the access to the database themselves : site
> 1 should access database 1, and not database 2, but there should have the
> least password in the calling scripts
a quick thought: if you are really paranoid, set up different installations of
postgres, even if on the same box... don't run them on the default port, set up
seperate pg_hba files and it should keep everything QUITE seperate.
> I already posted a message concerning security, but nobody seems to be
> concerned about this. I read the advices at www.cert.org, and since then, I
> became paranoiac...
as a side note, CERT sucks. they know security, if only because they know about
much of the cracking activity on the net, via reports. however, they are
close-mouthed about it all. they don't offer solutions, don't require vendors
to produce solutions and don't tell the public about the problems until the
vendor says "ok, tell 'em now", which is usually FAR too late. why do you think
they lose most of their star players (such as the guy who wrote SATAN?)? A:
frustration.
there are MUCH better security sites/sources than CERT. e.g. security portal.
--
Aaron J. Seigo
Sys Admin