Обсуждение: postgres "on in the internet"
Hello... Is it possible in PostGre 7.3 to query the size of a text[] array attribute of a table? Does anyone know how this is queried in 7.3? thanks... help is greatly needed. eddie ----- Original Message ----- From: "Po Eddie Lim" <eddiepo@hq.ntsp.nec.co.jp> To: "Mike Nolan" <nolan@gw.tssi.com>; "Paul Tillotson" <pntil@shentel.net> Cc: <pgsql-general@postgresql.org> Sent: Friday, September 03, 2004 4:12 PM Subject: Re: [GENERAL] postgres "on in the internet" > Hello... > > Is it possible in PostGre 7.3 to query the size of a text[] array attribute > of a table? Does anyone know how this is queried in 7.3? > > thanks... help is greatly needed. > eddie > > ----- Original Message ----- > From: "Mike Nolan" <nolan@gw.tssi.com> > To: "Paul Tillotson" <pntil@shentel.net> > Cc: <pgsql-general@postgresql.org> > Sent: Friday, September 03, 2004 8:42 AM > Subject: Re: [GENERAL] postgres "on in the internet" > > > > > Does anyone out there have experience with this or recommended best > > > practices? We have been looking at either (a) tunnelling everything > > > over ssh, or (b) just making sure that users have "strong" passwords and > > > requiring "md5" authentication in pg_hba.conf. > > > > Have you considered using VPN routers to punch a hole through your > firewall? > > > > Can you do a a combination of A and B? (Does that make much sense?) > > > > You should also consider blocking all IP addresses other than the client > > nodes at the firewall. That won't help much if the client node gets > > compromised. > > -- > > Mike Nolan > > > > ---------------------------(end of broadcast)--------------------------- > > TIP 3: if posting/reading through Usenet, please send an appropriate > > subscribe-nomail command to majordomo@postgresql.org so that your > > message can get through to the mailing list cleanly > > >
Hi, Citing Paul Tillotson <pntil@shentel.net>: > At my company we are looking at deploying clients for our client/server > app outside our firewall, which will then require our postgres box to be > internet-accessible. > > Does anyone out there have experience with this or recommended best > practices? > We have been looking at either > (a) tunnelling everything over ssh, or This, implementation of a VPN or using the builtin ssl-support in postgresql is the way to go, because *everything* that goes through the channel will be encrypted. With SSL you have the additional value of being able to guarantee the identity of the server. The information in the source code distribution in src/backend/libpq/README.SSL might prove useful to make your decision. > (b) just making sure that users have "strong" passwords and > requiring "md5" authentication in pg_hba.conf. Too weak, IMHO. md5 is there to protect the password data stored in the database, not the password transmission (someone already mentioned tcp replay attacks). Regards, Daniel