From: Pantelis Theodosiou
Date: Sat, 24 Feb 2018 17:22:32 +0000
Subject: Re: Basic security
To: midgley.tom@gmail.com, pgsql-docs@lists.postgresql.org
In-Reply-To: <151948799430.1463.1674902368730219470@wrigleys.postgresql.org>

Your link is for an old version of Postgres (8.3). Current version is 10. You can find the link for the relative page easily, it's on the top of the page, if you use a different version than 10 (I hope you are not still at 8.3!)

https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html

On Sat, Feb 24, 2018 at 3:59 PM, PG Doc comments form <noreply@postgresql.org> wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
> Description:
>
> My pg_hba.conf file gives 'cert' as an authentication method. This is not
> mentioned on this page.
>
> I think a basic pg_hba.conf to allow remote access require ssl, and to
> prevent access to the postgres table would be a useful addition.
> The more I see about this powerful environment the more nervous I get about
> exploits based on aspects of its multitude of features of which I am
> completely unaware - what about PUBLIC for example?
> A basic security guide to disable dangerous defaults would be very welcome