public inbox for [email protected]  

help / color / mirror / Atom feed

Basic security
2+ messages / 2 participants
[nested] [flat]

* Basic security
@ 2018-02-24 15:59 PG Doc comments form <[email protected]>
  2018-02-24 17:22 ` Re: Basic security Pantelis Theodosiou <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: PG Doc comments form @ 2018-02-24 15:59 UTC (permalink / raw)
  To: [email protected]; +Cc: [email protected]

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
Description:

My  pg_hba.conf file gives 'cert' as an authentication method.  this is not
mentioned on this page.

I think a basic pg_hba.conf to allow remote access require ssl, and to
prevent access to the postgres table would be a useful addition.
The more I see about this powerful environment the more nervous I get about
exploits based on aspects of it's multitude of features of which I am
completely unaware - what about PUBLIC for example ? ?
A basic security guide to disable dangerous defaults would be very welcome


^ permalink  raw  reply  [nested|flat] 2+ messages in thread

* Re: Basic security
  2018-02-24 15:59 Basic security PG Doc comments form <[email protected]>
@ 2018-02-24 17:22 ` Pantelis Theodosiou <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Pantelis Theodosiou @ 2018-02-24 17:22 UTC (permalink / raw)
  To: [email protected]; [email protected]

Your link is for an old version of Postgres (8.3). Current version is 10.
You can find the link for the relaive page easily, it's on the top of the
page, if you use a different version that 10 (I hope you are not still at
8.3 !)

https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html

On Sat, Feb 24, 2018 at 3:59 PM, PG Doc comments form <
[email protected]> wrote:

> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html
> Description:
>
> My  pg_hba.conf file gives 'cert' as an authentication method.  this is not
> mentioned on this page.
>
> I think a basic pg_hba.conf to allow remote access require ssl, and to
> prevent access to the postgres table would be a useful addition.
> The more I see about this powerful environment the more nervous I get about
> exploits based on aspects of it's multitude of features of which I am
> completely unaware - what about PUBLIC for example ? ?
> A basic security guide to disable dangerous defaults would be very welcome
>


^ permalink  raw  reply  [nested|flat] 2+ messages in thread

end of thread, other threads:[~2018-02-24 17:22 UTC | newest]

Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2018-02-24 15:59 Basic security PG Doc comments form <[email protected]>
2018-02-24 17:22 ` Pantelis Theodosiou <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox