Обсуждение: Securing PostgreSQL
Are there docs on securing PostgreSQL?
I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple pg_hba.conf examples.
thank you!
Troy Campano
On Tue, Jul 16, 2002 at 10:44:34 -0400, "Campano, Troy" <Troy.Campano@LibertyMutual.com> wrote: > Are there docs on securing PostgreSQL? > I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple pg_hba.confexamples. Have you read the stuff in the documentation that comes with Postgresql? For controlling access to objects look at the GRANT command in the reference manual. For information on authenticating users look at client authentication in the administrator's guide. Both of these areas are getting new features in 7.3, so you might want to look at the development docs to see what will be available in a couple of months. Other issues that might be of interest but aren't covered there are sql injection (make sure you quote user input correctly) and setting up packet filtering (this can prevent people from exploiting bugs that can be used without authentication).
Practical PostgreSQL gives pretty extensive overview on users and group permissions. On Tue, 16 Jul 2002, Campano, Troy wrote: > Are there docs on securing PostgreSQL? > I've been looking on the Internet and own 2 PostgreSQL books, but I'm not able to find much other than a couple pg_hba.confexamples. > > > thank you! > > > Troy Campano >