List: python-list
Subject: Re: Secure Postgres access
From: Reid Priedhorsky <reid () umn ! edu>
Date: 2006-09-08 1:11:22
Message-ID: pan.2006.09.08.01.11.22.368386 () umn ! edu
On Wed, 06 Sep 2006 09:29:59 -0700, Paul Rubin wrote:
> Reid Priedhorsky <reid@reidster.net> writes:
>> I know how to forward ports using SSH, but I don't like doing this because
>> then anyone who knows the port number can connect to Postgres over the
>> same tunnel. (I'm not the only user on the client machine.)
>
> Wouldn't they need a database password?

Well, right now, no. I have Postgres configured to trust the OS on who is
who. I would prefer not to change that because I don't want another place
containing authentication information. I'd like to connect by entering
only my SSH password, not my SSH password and a database password too.

This is why straight SSH tunneling, as suggested by Marshall and Larry,
isn't satisfactory: once I've set up the tunnel, anyone on the local
machine can connect to the tunnel and then they have passwordless access
into the database.

I control the database machine, and the only user is me. I don't control
the local machine, and it has many users I don't trust.

Thanks,

Reid
--
http://mail.python.org/mailman/listinfo/python-list
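
The concern in the message above, as an added example that is not part of the original post or thread: a loopback TCP listener, such as the local end of an SSH port forward, learns only `127.0.0.1` about a client and cannot tell which local user connected, while a Unix-domain socket is gated by directory permissions and, on Linux, reports the peer's UID. The function names, the socket file name and the Unix-socket contrast are assumptions made for illustration.

```python
import os
import socket
import stat
import struct
import tempfile

def tcp_peer_identity():
    """What a loopback TCP listener (like a forwarded port) learns about a client."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))  # constructed: ephemeral port standing in for the tunnel
        srv.listen(1)
        with socket.create_connection(srv.getsockname()):
            conn, addr = srv.accept()
            conn.close()
            # Every local user looks the same: an address, but no user identity.
            return {"address": addr[0], "uid": None}

def unix_peer_identity():
    """What a Unix-domain listener in a private directory learns about a client."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o700)  # only the owner may reach the socket path at all
        path = os.path.join(d, "tunnel.sock")  # hypothetical socket name
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
            srv.bind(path)
            srv.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
                cli.connect(path)
                conn, _ = srv.accept()
                with conn:
                    uid = None
                    if hasattr(socket, "SO_PEERCRED"):  # Linux: kernel-reported peer
                        size = struct.calcsize("iII")
                        raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, size)
                        _pid, uid, _gid = struct.unpack("iII", raw)
                    mode = stat.S_IMODE(os.stat(d).st_mode)
                    return {"dir_mode": mode, "uid": uid}

def may_connect(peer_uid, owner_uid):
    """Allow a client only when its identity is known and matches the owner."""
    return peer_uid is not None and peer_uid == owner_uid

if __name__ == "__main__":
    tcp = tcp_peer_identity()
    unix = unix_peer_identity()
    print("tcp :", tcp, "allowed:", may_connect(tcp["uid"], os.getuid()))
    print("unix:", unix, "allowed:", may_connect(unix["uid"], os.getuid()))
```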