Thread

  1. security question

    zuhans@iname.com <zuhans@iname.com> — 2004-05-11T18:09:46Z

    hello,
    
    i'm very new to postgres and have a fundamental question.
    how do i make a pg-db most secure?
    i feel, that pg_user e.g. ist something very dangerous - isn't it? if 
    someone hacks into a db, then he has lots of information at his/her 
    fingertips. is this so?
    
    what do i do to prevent my db from beeing hacked?
    
    greetings
    hans
    
    
  2. Re: security question

    Bruno Wolff III <bruno@wolff.to> — 2004-05-11T18:32:40Z

    On Tue, May 11, 2004 at 20:09:46 +0200,
      "zuhans@iname.com" <zuhans@iname.com> wrote:
    > 
    > i'm very new to postgres and have a fundamental question.
    > how do i make a pg-db most secure?
    > i feel, that pg_user e.g. ist something very dangerous - isn't it? if 
    > someone hacks into a db, then he has lots of information at his/her 
    > fingertips. is this so?
    > 
    > what do i do to prevent my db from beeing hacked?
    
    If you don't need to provide direct access to the database from remote
    hosts, only allow connections using domain sockets.
    
    
  3. Re: security question

    Mike Nolan <nolan@gw.tssi.com> — 2004-05-11T19:33:49Z

    > i'm very new to postgres and have a fundamental question.
    > how do i make a pg-db most secure?
    > i feel, that pg_user e.g. ist something very dangerous - isn't it? if 
    > someone hacks into a db, then he has lots of information at his/her 
    > fingertips. is this so?
    > 
    > what do i do to prevent my db from beeing hacked?
    
    If you want to make sure it is never hacked into, here are two
    suggestions:
    
    1.  Don't connect it to a computer network or phone line.
    2.  Don't turn it on.
    
    Seriously, most of the risks are NOT application or database-specific.  
    
    In other words, if a hacker can get to your computer, it almost definitely
    isn't postgreSQL's fault, and there may not be much you can do about it
    from a database perspective once the hacker gets in.  If the hacker can 
    get dba, sysadmin or root access, you're fully compromised.
    
    PostgreSQL has a number of security features in it to control access
    privileges for both local and remote (networked) users, as do most 
    major database platforms.  If you are a DBA, you need to be aware of 
    these, most of them are fairly well documented in the online manual 
    on postgresql.org.  Specifically read the sections on GRANT and
    on hba_conf.
    --
    Mike Nolan
    
    
    
    
    
    
  4. Re: security question

    scott.marlowe <scott.marlowe@ihs.com> — 2004-05-11T20:00:11Z

    On Tue, 11 May 2004, zuhans@iname.com wrote:
    
    > hello,
    > 
    > i'm very new to postgres and have a fundamental question.
    > how do i make a pg-db most secure?
    > i feel, that pg_user e.g. ist something very dangerous - isn't it? if 
    > someone hacks into a db, then he has lots of information at his/her 
    > fingertips. is this so?
    > 
    > what do i do to prevent my db from beeing hacked?
    
    Hiding what is in pg_user (note the password field is blanked out) would 
    qualify as obscurity, not security.  Security is provided by things like 
    checking the connection libraries postgresql uses to make sure there are 
    no buffer overflows or that things that would let a user gain unauthorized 
    access are not in place.
    
    This topic comes up about once every three months, with someone thinking 
    that being able to see the database schema represents a security threat.
    
    obscurity <> security
    
    PostgreSQL is, as far as I've been able to ascertain, quite secure, as 
    long as you've configured it properly.  
    
    For instance, having authentication set to trust means that anyone can 
    become anyone else.  That's fine if you and two other dbas are the only 
    people who connect to the machine, but in an environment were hundreds of 
    users may be using the database cluster, you can't rely on trust anymore, 
    and have to go to md5 passwords or ident authentication.
    
    Forcing users to connect via SSL with md5 passwords is generally 
    considered the most secure method for connections.
    
    What a user can see of the rest of the database is not a security issue, 
    though in an environment with thousands of users, it could be a usability 
    issue, where someone has to look through hundreds and hundreds of tables 
    to find their own.
    
    Which is why seperate databases and / or schemas are often used.
    
    But in general, PostgreSQL is very well designed and quite secure.