[nycbug-talk] Postgresql remote connection security

Peter Wright pete at nomadlogic.org
Fri Feb 2 12:05:31 EST 2007

> Hey all,
> Just putting out feelers about how you feel about the security of the
> postgresql remote connection auth types
> I am setting up a new box with a couple jails and rather than run a
> different database in each jail, I thought I would consolidate the
> databases for different applications into one postgresql instance (you
> know like a real database).
> I have control over both the client IPs and the server of course, and
> was going to use md5 auth-type.  Any concerns?  Should I use ident?
> It seems that if I had large numbers of users from different client
> machines I would need ident, but I am not too clear on the difference.
> I was not planning to use SSL for all the web-site back-end connections
> (because it's all public information anyway).  But will use SSL for the
> one webmail application.  SSL protects against snooping the connection,
> but would it protect against snooping the password also?
> Anyway, sorry about these basic questions
> Just looking for thoughts,
> or to hear from others doing similar things.

Generally I think this may be a good idea (consolidating your database
instances) although there are a couple things I'd be wary of - especially
if this is in a shared hosting environment.

You may expose yourself to resource limitation "attacks" or more likely
bugs in customer written code.  I do not think postgres has a feature
similar to Oracle's DRM (database resource management) that will allow you
to ensure that specific databases will have enough resources to continue
to operate - and conversely limit the amount of resources queries against
a specific DB can consume.  We use this feature as an added layer of
protection against poorly written SQL code that may starve other databases
running on our cluster.  So that's one thing to consider.

Regarding auth - I'd definitely use SSL sockets alongside an encrypted
authentication scheme (md5).  I can't imagine the overhead of an SSL
socket will add that much burden to your server and clients - so why not
add another layer of security if you can?

Just my 2 bits.

Peter Wright
pete at nomadlogic.org
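
What the md5 auth-type discussed in this thread puts on the wire, as an added example that is not part of the original posts. It follows PostgreSQL's documented md5 password exchange; the role name, password and salts are constructed sample values.

```python
import hashlib
import hmac
import os


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def stored_verifier(user: str, password: str) -> str:
    """Value the server stores for the role: 'md5' + md5(password || username)."""
    return "md5" + md5_hex(password.encode() + user.encode())


def wire_response(verifier: str, salt: bytes) -> str:
    """Value the client sends: 'md5' + md5(stored_hex || salt).

    The server picks a fresh 4-byte salt per connection attempt. Only the
    stored hash is needed here, so it must be guarded like the password.
    """
    return "md5" + md5_hex(verifier[3:].encode() + salt)


def server_accepts(verifier: str, salt: bytes, response: str) -> bool:
    """Server side: recompute from the stored value and compare."""
    return hmac.compare_digest(wire_response(verifier, salt), response)


if __name__ == "__main__":
    user, password = "webapp", "s3cret-sample"   # constructed sample values
    verifier = stored_verifier(user, password)
    for attempt in (1, 2):
        salt = os.urandom(4)                     # sent by the server in clear
        resp = wire_response(verifier, salt)
        print(f"attempt {attempt}: salt={salt.hex()} response={resp}")
        assert server_accepts(verifier, salt, resp)
    # The plaintext password never appears in the exchange, but without SSL
    # every query and result row after authentication still travels in clear.
```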
