Re: how to secure pg_hba.conf

Поиск
Список
Период
Сортировка
От David G. Johnston
Тема Re: how to secure pg_hba.conf
Дата
Msg-id CAKFQuwa_pumVRLPas6qiiayyqPj7nbKMntj9GEAKci6g-mzw=Q@mail.gmail.com
обсуждение исходный текст
Ответ на how to secure pg_hba.conf  (Rizwan Shaukat <rizwan.shaukat@hotmail.com>)
Ответы Re: how to secure pg_hba.conf  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-general
Дерево обсуждения
On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan.shaukat@hotmail.com> wrote:
we hv requiremnt from security to secure pg_hba.conf file was encryption or password protected on server to protect ip visibilty because these server access by application n thy can amend as well. how we can achive it pls


You cannot with the present implementation of the system - pg_hba.conf is read by the PostgreSQL process as a file.  I do not think the server is prepared for that file to be some kind of program whose stdout is the contents and you could arrange for that program to do whatever it is you'd like.

That said, it isn't clear to me what you mean by "these server access by application n thy can amend as well".  You are welcome to make the file read-only except by root if amending it is a concern.  I don't understand what exposure knowing ip addresses gives - I suppose knowledge is helpful but security by obscurity isn't real security.

David J.

В списке pgsql-general по дате отправления:

Предыдущее
От: Dominique Devienne
Дата:
Сообщение: Re: Stored procedure code no longer stored in v14 and v15, changed behaviour
Следующее
От: Christophe Pettus
Дата:
Сообщение: Re: Stored procedure code no longer stored in v14 and v15, changed behaviour