X-Original-To: pgsql-docs-postgresql.org@localhost.postgresql.org Received: from localhost (unknown [64.117.224.130]) by svr1.postgresql.org (Postfix) with ESMTP id 1731DD1B897 for ; Sun, 17 Aug 2003 02:13:41 +0000 (GMT) Received: from svr1.postgresql.org ([64.117.224.193]) by localhost (neptune.hub.org [64.117.224.130]) (amavisd-new, port 10024) with ESMTP id 66897-04 for ; Sat, 16 Aug 2003 23:13:34 -0300 (ADT) Received: from candle.pha.pa.us (momjian.navpoint.com [207.106.42.251]) by svr1.postgresql.org (Postfix) with ESMTP id 5F9F5D1B524 for ; Sat, 16 Aug 2003 23:13:29 -0300 (ADT) Received: (from pgman@localhost) by candle.pha.pa.us (8.11.6/8.11.6) id h7H2DQ726885; Sat, 16 Aug 2003 22:13:26 -0400 (EDT) From: Bruce Momjian Message-Id: <200308170213.h7H2DQ726885@candle.pha.pa.us> Subject: Re: [HACKERS] What goes into the security doc? In-Reply-To: <3F3EABA4.7982.1ADA889@localhost> To: Dan Langille Date: Sat, 16 Aug 2003 22:13:26 -0400 (EDT) Cc: PostgreSQL-documentation X-Mailer: ELM [version 2.4ME+ PL99 (25)] MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII X-Virus-Scanned: by amavisd-new at postgresql.org X-Archive-Number: 200308/52 X-Sequence-Number: 1912 I would say any time before 7.4 final, which should be in 4-6 weeks. --------------------------------------------------------------------------- Dan Langille wrote: > Given I'm the smartass that volunteered in the first place, perhaps I > should complete what I started. > > I work well with a deadline. When do you want this done? > > On 16 Aug 2003 at 12:41, Bruce Momjian wrote: > > > Now that we are in beta, does someone want to tackle a "security" > > section in the docs? > > > > > > --------------------------------------------------------------------------- > > > > Dan Langille wrote: > > > With reference to my post to the "PostgreSQL Password Cracker" on > > > 2003-01-02, I've promised to write a security document for the project. > > > Here it is, Sunday night, and I can't sleep. What better way to get there > > > than start this task... > > > > > > My plan is to write this in very simple HTML. I will post the draft > > > document on my website and post the URL here from time to time for > > > feedback. Please make suggestions for content. So far, I will cover these > > > items: > > > > > > - .pgpass (see > > > http://developer.postgresql.org/docs/postgres/libpq-files.html) > > > - local connections > > > - remote connections (recommending SSL) > > > - pg_hba (only in passing, most of that is at > > > http://www.postgresql.org/idocs/index.php?client-authentication.html) > > > - running the postmaster as a specific user > > > > > > That doesn't sound like much. Surely you can think of something else to > > > add. Should I post this to another list for their views? > > > > > > OK, that's done it. I'm ready for sleep now. > > > > > > > > > ---------------------------(end of broadcast)--------------------------- > > > TIP 5: Have you checked our extensive FAQ? > > > > > > http://www.postgresql.org/users-lounge/docs/faq.html > > > > > > > -- > > Bruce Momjian | http://candle.pha.pa.us > > pgman@candle.pha.pa.us | (610) 359-1001 > > + If your life is a hard drive, | 13 Roberts Road > > + Christ can be your backup. | Newtown Square, Pennsylvania 19073 > > > > > -- > Dan Langille : http://www.langille.org/ > -- Bruce Momjian | http://candle.pha.pa.us pgman@candle.pha.pa.us | (610) 359-1001 + If your life is a hard drive, | 13 Roberts Road + Christ can be your backup. | Newtown Square, Pennsylvania 19073