Обсуждение: how to secure pg_hba.conf
Hi, we hv requiremnt from security to secure pg_hba.conf file was encryption or password protected on server to protect ip visibiltybecause these server access by application n thy can amend as well. how we can achive it pls Rizwan
> On Dec 1, 2022, at 05:45, Rizwan Shaukat <rizwan.shaukat@hotmail.com> wrote: > we hv requiremnt from security to secure pg_hba.conf file was encryption or password protected on server to protect ipvisibilty because these server access by application n thy can amend as well. how we can achive it pls The only practical way of securing pg_hba.conf is to secure access to the Linux user that PostgreSQL is running as (assumingyou are on Linux, of course). That user will need to open and read the file, so there's no way of securing it againstthat user.
On 12/1/22 07:45, Rizwan Shaukat wrote: > Hi, > > we hv requiremnt from security to secure pg_hba.conf file was encryption or password protected on server to protect ipvisibilty because these server access by application n thy can amend as well. how we can achive it pls pg_hba.conf should only be readable by user postgres, while your application should not be running as user postgres. Thus, there should not be a problem. -- Angular momentum makes the world go 'round.
On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan.shaukat@hotmail.com> wrote:
we hv requiremnt from security to secure pg_hba.conf file was encryption or password protected on server to protect ip visibilty because these server access by application n thy can amend as well. how we can achive it pls
You cannot with the present implementation of the system - pg_hba.conf is read by the PostgreSQL process as a file. I do not think the server is prepared for that file to be some kind of program whose stdout is the contents and you could arrange for that program to do whatever it is you'd like.
That said, it isn't clear to me what you mean by "these server access by application n thy can amend as well". You are welcome to make the file read-only except by root if amending it is a concern. I don't understand what exposure knowing ip addresses gives - I suppose knowledge is helpful but security by obscurity isn't real security.
David J.
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> On Thu, Dec 1, 2022 at 11:36 AM Rizwan Shaukat <rizwan.shaukat@hotmail.com>
> wrote:
>> we hv requiremnt from security to secure pg_hba.conf file was encryption
>> or password protected on server to protect ip visibilty because these
>> server access by application n thy can amend as well. how we can achive it
>> pls
> You cannot with the present implementation of the system - pg_hba.conf is
> read by the PostgreSQL process as a file. I do not think the server is
> prepared for that file to be some kind of program whose stdout is the
> contents and you could arrange for that program to do whatever it is you'd
> like.
Even more to the point: if you are afraid of hostile actors being able
to access files inside your data directory, it seems to me that
pg_hba.conf is very far down the list of things to worry about. What's
to stop the same actors from examining/modifying other configuration
files, or even the actual database contents? If you don't think your
data directory is secure, you have problems that Postgres can't fix.
regards, tom lane