On Tue, 11 May 2004, zuhans@iname.com wrote:
> hello,
>
> i'm very new to postgres and have a fundamental question.
> how do i make a pg-db most secure?
> i feel, that pg_user e.g. ist something very dangerous - isn't it? if
> someone hacks into a db, then he has lots of information at his/her
> fingertips. is this so?
>
> what do i do to prevent my db from beeing hacked?
Hiding what is in pg_user (note the password field is blanked out) would
qualify as obscurity, not security. Security is provided by things like
checking the connection libraries postgresql uses to make sure there are
no buffer overflows or that things that would let a user gain unauthorized
access are not in place.
This topic comes up about once every three months, with someone thinking
that being able to see the database schema represents a security threat.
obscurity <> security
PostgreSQL is, as far as I've been able to ascertain, quite secure, as
long as you've configured it properly.
For instance, having authentication set to trust means that anyone can
become anyone else. That's fine if you and two other dbas are the only
people who connect to the machine, but in an environment were hundreds of
users may be using the database cluster, you can't rely on trust anymore,
and have to go to md5 passwords or ident authentication.
Forcing users to connect via SSL with md5 passwords is generally
considered the most secure method for connections.
What a user can see of the rest of the database is not a security issue,
though in an environment with thousands of users, it could be a usability
issue, where someone has to look through hundreds and hundreds of tables
to find their own.
Which is why seperate databases and / or schemas are often used.
But in general, PostgreSQL is very well designed and quite secure.