How can I secure Postgres for remote access when not in a private network?
Posted by orokusaki on Server Fault. Published on 2012-12-15T04:20:55Z
I have a database server on a VMware VM (Ubuntu 12.04.1 LTS server), and it just occurred to me that the server is accessible via the web, since the same physical server contains a VM that hosts public websites. My iptables in the database are such that only SSH traffic, loopback traffic, and TCP on port 5432 are allowed. I will only allow `host` access to the Postgres server from the IP of the other VM on the same physical machine.
- Does this seem sufficient for security, assuming there aren't gaping holes in my general OS configuration, or is Postgres one of those services that should never be web facing (assuming there are some of "those")?
- Will I need to use `hostssl` instead of `host` in my `pg_hba.conf`, even though the data will travel only on my own network, presumably?
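
An added example, not part of the original post: a small audit of `pg_hba.conf` text for the setup the question describes. It flags non-loopback TCP records that accept unencrypted connections (`host` matches both SSL and non-SSL clients, `hostssl` only SSL), that match more than the one permitted client, or that use `trust`. The function name `audit_pg_hba` and the sample file with its addresses are constructed for illustration.

```python
import ipaddress

TCP_TYPES = {"host", "hostssl", "hostnossl"}  # only hostssl requires TLS

# Constructed sample; addresses come from the documentation range 192.0.2.0/24.
SAMPLE = """\
# TYPE  DATABASE USER ADDRESS METHOD
local   all   postgres                       peer
host    all   all   127.0.0.1/32             md5
host    appdb app   192.0.2.10/32            md5
hostssl appdb app   192.0.2.10/32            md5
host    all   all   0.0.0.0/0                trust
host    appdb app   192.0.2.10 255.255.255.0 md5
"""

def audit_pg_hba(text, allowed_client):
    """Return (line_no, issue) pairs for non-loopback TCP records."""
    want = ipaddress.ip_network(allowed_client)  # single address -> /32 or /128
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in TCP_TYPES:
            continue  # blank line, comment, local (Unix socket) or short record
        rtype, addr, rest = f[0], f[3], f[4:]
        try:
            if "/" in addr:
                net = ipaddress.ip_network(addr, strict=False)
            else:  # address and netmask given as two columns
                net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
                rest = rest[1:]
        except ValueError:
            findings.append((no, "address is not numeric; review by hand"))
            continue
        if net.is_loopback:
            continue
        if rtype != "hostssl":
            findings.append((no, f"{rtype} admits unencrypted connections"))
        if net != want:
            findings.append((no, f"matches {net}, not only {want}"))
        if rest and rest[0] == "trust":
            findings.append((no, "trust method: no authentication"))
    return findings

if __name__ == "__main__":
    for line_no, issue in audit_pg_hba(SAMPLE, "192.0.2.10"):
        print(f"line {line_no}: {issue}")
```

The parser ignores quoted fields and `include` directives, so it suits simple files like the one described in the question.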