Re: Securing a remotely accessible PostgreSQL server

From: Craig James
Subject: Re: Securing a remotely accessible PostgreSQL server
Msg-id: 4D129264.2010701@emolecules.com
In reply to: Re: Securing a remotely accessible PostgreSQL server (Scott Marlowe <scott.marlowe@gmail.com>)
List: pgsql-admin

> Josh<josh@saucetel.com>  wrote:
>
> I am looking for suggestions on how best to secure a server that
> is accessible via the internet. Even account creation for the
> database is open to the world. Does anybody have any extra changes
> they would make to postgresql.conf or OS changes they would
> suggest? Perhaps some default permissions that would be best
> revoked?
>
> The system setup is currently a Linux box running PostgreSQL 8.4
> My pg_hba.conf already limits remote connections to one database
> and one particular role.

You don't give any details about your users or how/why they need this access so it's hard to give good advice.  But one
possibility is to use SSH tunneling, so that your users have to log in to your server first using a protocol that's
pretty secure.

    ssh -L5432:localhost:5432 user@host.com

Then the user connects locally instead of directly.  On the user's computer:

    psql -h localhost dbname

We've used this technique when a developer had to work from a remote location.  There is no direct access to Postgres
at all, yet you can work remotely and securely.

Craig
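
A server-side check that the tunnel-only setup described in the message above really leaves no direct route to Postgres, as an added example that is not part of the original post. It assumes only loopback TCP should be allowed by `listen_addresses` and `pg_hba.conf`; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: names and sample files below are constructed for illustration.

# Print each listen_addresses entry in postgresql.conf that is not loopback.
# Unset means the default 'localhost'; an empty value means no TCP at all.
nonlocal_listen() {
    awk -v q="'" '
        /^[ \t]*listen_addresses[ \t]*=/ {
            val = $0
            sub(/#.*/, "", val)               # drop trailing comment
            sub(/^[^=]*=[ \t]*/, "", val)     # keep only the value
            gsub(q, "", val); gsub(/[ \t]/, "", val)
        }
        END {
            n = split(val, a, ",")
            for (i = 1; i <= n; i++)
                if (a[i] != "localhost" && a[i] != "127.0.0.1" && a[i] != "::1")
                    print a[i]
        }' "$1"
}

# Print each TCP rule (host, hostssl, hostnossl) in pg_hba.conf whose
# address is not loopback; "local" (Unix socket) rules are ignored.
nonlocal_hba() {
    awk '
        { sub(/#.*/, "") }
        $1 ~ /^host(ssl|nossl)?$/ {
            addr = $4
            if ($5 ~ /^[0-9.]+$/) addr = $4 "/" $5    # IP + netmask form
            if (addr != "127.0.0.1/32" && addr != "::1/128" &&
                addr != "127.0.0.1/255.255.255.255")
                print
        }' "$1"
}

# Return 0 only when nothing but loopback (and so the SSH tunnel) can reach
# Postgres over TCP; otherwise print the findings and return 1.
tunnel_only() {
    findings=$(nonlocal_listen "$1" | sed 's/^/listen_addresses: /'
               nonlocal_hba "$2" | sed 's/^/pg_hba.conf: /')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: a server still open to the internet.
d=$(mktemp -d)
printf "listen_addresses = '*'\n" > "$d/postgresql.conf"
printf 'local all all ident\nhost appdb webuser 0.0.0.0/0 md5\n' > "$d/pg_hba.conf"
tunnel_only "$d/postgresql.conf" "$d/pg_hba.conf" || echo "direct access is still possible"
```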
