OT: Open Port to PostGreSQL -- Security issues?
Sadhunathan Nadesan
sadhu at castandcrew.com
Tue May 20 12:08:46 EDT 2008
> OK my question is: how serious a security risk is opening a port to
> PostGreSQL (or MySQL) for remote transactions.
Aloha, Swami,
Disclaimer: not my area of expertise so these are merely opinions -
Note that it is possible to restrict remote connections to specific IP
addresses. So, if you need 'in house' desktop apps built in Rev that
connect to the database, that ought to be pretty secure. You can also
choose a different port for PostgreSQL psql to listen on (rather than
the default tcp port, 5432 as I recall). And you can require a login
and password, hopefully even using ssh, to tighten it down. I.E., a Linux
login/password so it's a security model we already trust. Maybe they
even have password phrases now?
We could probably search the Postgres site for any known security gaps
and suggested seurity procedures. I suspect security is high on their
requirements list.
-- Sadhu
More information about the use-livecode
mailing list