[Previo por Fecha] [Siguiente por Fecha] [Previo por Hilo] [Siguiente por Hilo]
[Hilos de Discusión] [Fecha] [Tema] [Autor]Hace algunos dias, discutiamos sobre el almacenamiento encripatdo de
postgres...
Aqui mando un correin que no resuleve la duda en cuestion, pero da algunas
luces para alguien que quiera implementar una solucion alternativa
(encriptar la transmision)
Saludines
David Martinez Cuevas
Office 622-60-80 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Home 565-25-17 "Eat Linux, Drink Linux... SMOKE LINUX "
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
---------- Forwarded message ----------
Date: Thu, 10 Jun 1999 11:09:29 +0200 (MET DST)
From: Jan Wieck <wieck en debis com>
Reply-To: Jan Wieck <jwieck en debis com>
To: Brian Baquiran <brianb en evoserve com>
Cc: pgsql-admin en hub org
Subject: Re: [ADMIN] Encrypted connections to Postgres
>
> I'm talking with the boss about Postgres and the conversation turned to
> security. What kind of security features does Postgres have? I'm aware of the
> host-based authentication in pg_hba.conf. Are the actual connections to the
> database (SQL queries and what they return) encrypted?
The fe-/be-protocol isn't crypted.
You could use ssh in background with -L to establish crypted
connections. The scenario would look like:
local system Network db-server
-----------------------------|----------|-------------------------
ssh.in_background ---------> sshd
dbclient -> ssh.port_5439 -crypted-> sshd.remote -> postmaster
You cannot use pg_hba.conf any more, because the socket
connection between the remote sshd and the postmaster would
allways look as if it's coming from root on the db-server.
But any packet transferred on the network is crypted, so
sending passwords isn't a problem any more.
Jan
--
#======================================================================#
# It's easier to get forgiveness for being wrong than for being right. #
# Let's break this rule - forgive me. #
#========================================= wieck en debis com (Jan Wieck) #