Re: (not so?) silly question

Lists: pgsql-novice
From: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: (not so?) silly question
Date: 2010-06-14 20:14:18
Message-ID: 20100614221418.55dbc4a6@anubis.defcon1

Hi list,

Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?

--
Honi soit la vache qui rit.


From: Andreas Kretschmer <akretschmer(at)spamfence(dot)net>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-15 04:55:45
Message-ID: 20100615045545.GA4787@tux

Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:

> Hi list,
>
> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?

Do you need internet access?

Andreas
--
Really, I'm not out to destroy Microsoft. That will just be a completely
unintentional side effect. (Linus Torvalds)
"If I was god, I would recompile penguin with --enable-fly." (unknown)
Kaufbach, Saxony, Germany, Europe. N 51.05082°, E 13.56889°


From: Jasen Betts <jasen(at)xnet(dot)co(dot)nz>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-15 09:14:57
Message-ID: hv7gah$ion$1@reversiblemaps.ath.cx

On 2010-06-14, Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:
> Hi list,
>
> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>

assuming you have secured the port using pg_hba.conf
should be safe until the next time someone finds an
openssl exploit....
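
Added example (not part of the original thread): a small Python check for what "secured the port using pg_hba.conf" means in practice, flagging rules that accept non-SSL connections, use `trust`, or match any address. The sample file, database and user names, and issue labels are constructed for illustration; quoted fields and IPv6 netmask pairs are not handled.

```python
import ipaddress

# Constructed pg_hba.conf for illustration; addresses are documentation ranges.
SAMPLE = """\
# TYPE   DATABASE  USER     ADDRESS          METHOD
local    all       all                       peer
host     all       all      127.0.0.1/32     md5
host     all       all      0.0.0.0/0        md5
hostssl  appdb     appuser  203.0.113.0/24   md5
hostssl  all       all      0.0.0.0/0        trust
host     appdb     appuser  198.51.100.7 255.255.255.255 password
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Return (type, address, method) for a network rule, else None."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] == "local":
        return None
    conn, addr, rest = fields[0], fields[3], fields[4:]
    # Older "IP NETMASK" form: the mask is a separate field before the method.
    if "/" not in addr and len(rest) > 1 and _is_ip(rest[0]):
        addr, rest = f"{addr}/{rest[0]}", rest[1:]
    return conn, addr, rest[0]

def audit(text):
    """List (line number, issue) pairs for rules reachable from other hosts."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[2] == "reject":
            continue
        conn, addr, method = rule
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            net = None  # host name or keyword such as "all" or "samenet"
        if net is not None and net.is_loopback:
            continue
        if conn in ("host", "hostnossl"):
            findings.append((lineno, "no-tls"))  # "host" also accepts non-SSL
        if method == "trust":
            findings.append((lineno, "trust"))
        if addr == "all" or (net is not None and net.prefixlen == 0):
            findings.append((lineno, "any-address"))
    return findings
```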


From: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-15 12:14:10
Message-ID: 20100615141410.33ecc30d@anubis.defcon1

On Tue, 15 Jun 2010 06:55:45 +0200,
Andreas Kretschmer <akretschmer(at)spamfence(dot)net> wrote:

> Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:
>
> > Hi list,
> >
> > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>
> Do you need internet access?

No, I just asked to test my new keyboard...

--
If God did not exist, it would be necessary to invent him.
-- Voltaire, "Epitres, XCVI"


From: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-15 12:16:16
Message-ID: 20100615141616.57ab3c67@anubis.defcon1

On 15 Jun 2010 09:14:57 GMT,
Jasen Betts <jasen(at)xnet(dot)co(dot)nz> wrote:

> On 2010-06-14, Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:
> > Hi list,
> >
> > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
> >
>
> assuming you have secured the port using pg_hba.conf
> should be safe until the next time someone finds an
> openssl exploit....

Ok, so AFAI understand you, the danger's the same as leaving port 22 open
on my machine?

--
X-rated movies are all alike ... the only thing they leave to the
imagination is the plot.


From: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
To: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-15 13:57:15
Message-ID: 20100615155715.08827916@anubis.defcon1

On Tue, 15 Jun 2010 06:55:45 +0200,
Andreas Kretschmer <akretschmer(at)spamfence(dot)net> wrote:

> Jean-Yves F. Barbier <12ukwn(at)gmail(dot)com> wrote:
>
> > Hi list,
> >
> > Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>
> Do you need internet access?

Of course I need one, otherwise I wouldn't ask.

My goal is also to use the Pg server part using a client only instead of
using a client-server, which seems logical (well, for me: why reinvent
the wheel?). <- is this realistic?

But maybe I should use a double security and use a tunnel or a VPN
connection on top of this (but it will bring its part of bytes overhead.)

--
Never eat anything bigger than your head.


From: Andreas <maps(dot)on(at)gmx(dot)net>
To: "Jean-Yves F(dot) Barbier" <12ukwn(at)gmail(dot)com>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: (not so?) silly question
Date: 2010-06-18 16:18:48
Message-ID: 4C1B9C68.5010801@gmx.net

On 15.06.2010 14:16, Jean-Yves F. Barbier wrote:
> On 15 Jun 2010 09:14:57 GMT,
> Jasen Betts<jasen(at)xnet(dot)co(dot)nz> wrote:
>
>
>> On 2010-06-14, Jean-Yves F. Barbier<12ukwn(at)gmail(dot)com> wrote:
>>
>>> Hi list,
>>>
>>> Is it safe to leave an internet access to SSL Pg (4096 bits key) or not?
>>>
>>>
>> assuming you have secured the port using pg_hba.conf
>> should be safe until the next time someone finds an
>> openssl exploit....
>>
> Ok, so AFAI understand you, the danger's the same as leaving port 22 open
> on my machine?
>
If you have 22 open anyway then why not use an ssh-tunnel?
Only that ssh usually has smaller keys than 4096 bits.
And SSH offers compression on the fly which might save some bytes.

Then you just have to figure out how to have your clients access PG via
SSH-tunnel but not letting them tunnel to every other port within the
server.
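
Added example (not part of the original thread): one way to check the last point, using OpenSSH's `authorized_keys` options (`restrict`, `port-forwarding`, `permitopen`, `command`) to confirm a client key can forward only to the PostgreSQL port. The target `localhost:5432` (PostgreSQL's default port), the sample entries, the placeholder key and the issue labels are assumptions; escaped quotes inside option values and any `sshd_config` restrictions are not considered.

```python
# Constructed authorized_keys entries; key material is a placeholder, not a real key.
KEY = "ssh-ed25519 AAAA_PLACEHOLDER_KEY client@example"
SAMPLES = {
    "open": KEY,
    "pg_only": 'restrict,port-forwarding,permitopen="localhost:5432",'
               'command="/bin/false" ' + KEY,
    "two_targets": 'permitopen="localhost:5432",permitopen="localhost:25",no-pty ' + KEY,
}

def split_options(line):
    """Options field of one authorized_keys line, honouring quoted values."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return []  # line starts with the key type: no options field
    opts, cur, quoted = [], "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch.isspace() and not quoted:
            break  # unquoted whitespace ends the options field
        else:
            cur += ch
    return opts + [cur]

def audit_key(line, wanted="localhost:5432"):
    """Issues that let this key reach more than the PostgreSQL port."""
    forwarding, forced, targets = True, False, set()
    for opt in split_options(line):  # later options override earlier ones
        name, _, value = opt.partition("=")
        name = name.lower()
        if name in ("restrict", "no-port-forwarding"):
            forwarding = False
        elif name == "port-forwarding":
            forwarding = True
        elif name == "permitopen":
            targets.add(value)
        elif name == "command":
            forced = True
    issues = []
    if forwarding and not targets:
        issues.append("forwarding-unrestricted")
    elif forwarding and targets != {wanted}:
        issues.append("extra-targets:" + ",".join(sorted(targets - {wanted})))
    if not forced:
        issues.append("no-forced-command")  # key can still run commands on the host
    return issues
```

With an entry like `pg_only`, the client opens the tunnel without requesting a session (for example `ssh -N -L 5432:localhost:5432 user@server`) and points its PostgreSQL client at the local end.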