Best security practices for installing pgSQL with my software
My software package will install PostgreSQL on the server, and clients will
connect to it with a Windows smart client application. What would be the
best way to keep the PostgreSQL usernames and passwords secure?
I will be doing a silent install of the database, and obviously this will
require a service username and password. Should I hardcode the service
username and password? Or should I let the person installing the software
enter their own username and password for the server?
Also, what should I do when it comes to the actual user for the database?
How should I handle these details? This software will be installed on many
different PCs by many different people.
Can I use OpenSSL to secure communications between the clients and the
server?
Thanks
Hi Harald,
The program will have a database on the local PC, and be able to connect to
the server database as well. Eventually they will synchronise the email,
contacts etc.
I need the database on the local PC so the user can take their PC/laptop
home and still work.
Do you think a direct connection to the database port using SSL will be
suitable for this kind of scenario?
From: Harald Armin Massa [mailto:haraldarminmassa@gmail.com]
Sent: 12 June 2006 11:24 AM
To: Greg
Subject: Re: [GENERAL] Best security practices for installing pgSQL with my
software
Hello Greg!
> I will be doing a silent install of the database, and obviously this will
> require a service username and password. Should I hardcode the service
> username and password? Or should I let the person installing the software
> enter their own username and password for the server?
Are you sure you want to do a silent install of a database on a server? That
is, do you have THAT many servers that it would be justified?
You are aware that you do NOT need to install PostgreSQL on a client to
access the server? Only a very very very tiny library is enough for that
(those three "very" are after installing Oracle "Instant Client" with 35MB)
> Can I use OpenSSL to secure communications between the clients and the
> server?
Yes.
Harald
--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
on different matter:
did you ever dream of visiting CERN? The place where the antimatter for
exploding Vatican is created? To eat in cantinas
with the world's highest probability to stand in queue with future or past
Nobel Prize Winners? To talk about Web 2.5 at the place where Web 0.1 up to
Web 1.0 were developed? register at www.europython.org!
Greg,
> The program will have a database on the local PC, and be able to connect to
> the server database as well. Eventually they will synchronise the email,
> contacts etc.
aaah. Like Lotus Notes.
> I need the database on the local PC so the user can take their PC/laptop
> home and still work.
Yes, now it is clear.
> Do you think a direct connection to the database port using SSL will be
> suitable for this kind of scenario?
I guess the connection between client and server should be the least of your
concerns in this scenario :) Of course you can connect via SSL, that is
explicitly supported by PostgreSQL.
The challenges begin with the key infrastructure, the synchronization, the
network, the ports, the installation of databases on a lot of client
computers in an automated fashion etc., the access rights et al.
It took me around a year to get that working :); so better start now.
Best wishes and good luck,
Harald
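The replies above confirm that PostgreSQL supports SSL connections, but a server with SSL enabled still accepts unencrypted clients on any `host` rule in pg_hba.conf. As an added example (not code from this thread or from the PostgreSQL project), this Python script audits a pg_hba.conf for rules that let remote clients connect without SSL or without authentication; the sample file, database names and role names are constructed for illustration.

```python
import ipaddress
import shlex

# Constructed sample pg_hba.conf for illustration (not from the thread).
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS                 METHOD
local    all       postgres                          peer
host     all       all       127.0.0.1/32            md5
host     appdb     appuser   0.0.0.0/0               md5
hostssl  appdb     syncuser  10.0.0.0/8              trust
hostssl  appdb     appuser   10.0.0.0   255.0.0.0    scram-sha-256
"""

def is_loopback(address):
    """True only when ADDRESS is a loopback IP or CIDR network."""
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # hostnames and keywords such as "all" count as remote

def audit_hba(text):
    """Return (line_number, message) findings for remotely reachable rules."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank line, comment, or Unix-socket ("local") rule
        conn_type = fields[0]
        try:
            # ADDRESS may be "IP NETMASK" in two columns; METHOD then follows.
            ipaddress.ip_address(fields[4])
            address, method = f"{fields[3]}/{fields[4]}", fields[5]
        except (ValueError, IndexError):
            address, method = fields[3], fields[4]
        if is_loopback(address):
            continue
        if conn_type in ("host", "hostnossl"):
            findings.append((number, f"{conn_type} rule accepts unencrypted TCP; use hostssl"))
        if method == "trust":
            findings.append((number, "trust skips authentication for remote clients"))
    return findings

if __name__ == "__main__":
    for number, message in audit_hba(SAMPLE_HBA):
        print(f"pg_hba.conf line {number}: {message}")
```

On the client side, the matching control is a libpq connection string with `sslmode=verify-full`, so the laptop refuses to talk to a server whose certificate it cannot verify.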