Re: [HACKERS] What goes into the security doc?

[Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>]

Now that we are in beta, does someone want to tackle a "security"
section in the docs?


---------------------------------------------------------------------------

Dan Langille wrote:
> With reference to my post to the "PostgreSQL Password Cracker" on
> 2003-01-02, I've promised to write a security document for the project.
> Here it is, Sunday night, and I can't sleep.  What better way to get there
> than start this task...
> 
> My plan is to write this in very simple HTML.  I will post the draft
> document on my website and post the URL here from time to time for
> feedback. Please make suggestions for content.  So far, I will cover these
> items:
> 
> - .pgpass (see
> http://developer.postgresql.org/docs/postgres/libpq-files.html)
> - local connections
> - remote connections (recommending SSL)
> - pg_hba (only in passing, most of that is at
> http://www.postgresql.org/idocs/index.php?client-authentication.html)
> - running the postmaster as a specific user
> 
> That doesn't sound like much.  Surely you can think of something else to
> add.  Should I post this to another list for their views?
> 
> OK, that's done it.  I'm ready for sleep now.
> 
> 
> ---------------------------(end of broadcast)---------------------------
> TIP 5: Have you checked our extensive FAQ?
> 
> http://www.postgresql.org/users-lounge/docs/faq.html
> 

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073