I wonder if anyone can come up with a solution for me. I am currently administering a postgres database and recently we have been subject to some malicious changes on our database from an unknown source.
What I am planning to do is log the IP of any request that comes through to postgres. Is that possible?
I also thought of allowing access to only some specific IP addresses, but some PCs (these are mainly test PCs over an ADSL link that changes IP frequently) have dynamic IP addressing, which limits this solution.
Is it possible for me to track the IP of the requests being executed on postgres?
Firstly, don't use 'trust' if you need any kind of security at all. 'trust' allows anybody and everybody full access to your database with no challenges. At the very least, use 'md5' or 'crypt' or similar. 'password' isn't a huge use, unless you have a secure and/or encrypted connection, since it sends passwords in plain text.
The entries are there only for those within our internal LAN. But since our servers are scattered over the world and also those with external access use different IP addresses from different ISPs we cannot specify their IP ranges (over 500 persons).
In fact, our problem here is that we are being attacked by one of our previous programmers. He wrote the front end and hard-coded the username and passwords in some libraries being used. Hence we are unable to change the password for user postgres.
What we wanted to do now is to be able to track the IP address of all incoming requests to the postgres db. Hence we will know from where he is accessing our network, because as it is now our network department do not have any clue as to how he is being able to access our network.
Once we know from where he is accessing it we will know how to secure our network. As it stands now we have firewall filters monitoring all activities on all our servers with an external IP address, but this doesn't seem to be enough. I suspect he must have left a script running on the network that grants him access, but can't figure out where to start looking since the network is quite big.
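An added example, not part of the thread above: one way to get the source IP of each connection is to have the server log it and then summarise the log. This sketch assumes `log_connections = on` and `log_line_prefix = '%m [%p] '` in postgresql.conf; the log lines, the LAN range and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of server log lines (log_connections = on, prefix '%m [%p] ').
SAMPLE_LOG = """\
2024-05-01 09:00:01.120 UTC [4101] LOG:  connection received: host=192.168.10.25 port=50312
2024-05-01 09:00:01.135 UTC [4101] LOG:  connection authorized: user=appuser database=sales
2024-05-01 09:02:40.007 UTC [4102] LOG:  connection received: host=203.0.113.77 port=41877
2024-05-01 09:02:40.031 UTC [4102] LOG:  connection authorized: user=postgres database=sales
2024-05-01 09:05:12.500 UTC [4103] LOG:  connection received: host=[local]
2024-05-01 09:05:12.502 UTC [4103] LOG:  connection authorized: user=postgres database=postgres
2024-05-01 09:30:03.410 UTC [4104] LOG:  connection received: host=203.0.113.77 port=41990
2024-05-01 09:30:03.436 UTC [4104] LOG:  connection authorized: user=postgres database=sales
"""

# Assumption: the internal LAN range; replace with the real one.
INTERNAL_NETS = [ipaddress.ip_network("192.168.10.0/24")]

RECEIVED = re.compile(r"\[(\d+)\] LOG:\s+connection received: host=(\S+)")
AUTHORIZED = re.compile(
    r"\[(\d+)\] LOG:\s+connection authorized: user=(\S+) database=(\S+)")

def summarize(log_text):
    """Count successful logins per (source host, user, database).
    The two log lines of one connection are joined on the backend PID."""
    host_by_pid, counts = {}, Counter()
    for line in log_text.splitlines():
        if m := RECEIVED.search(line):
            host_by_pid[m.group(1)] = m.group(2)  # a reused PID is overwritten here
        elif (m := AUTHORIZED.search(line)) and m.group(1) in host_by_pid:
            counts[(host_by_pid[m.group(1)], m.group(2), m.group(3))] += 1
    return counts

def is_internal(host):
    """True for Unix-socket connections and addresses inside INTERNAL_NETS."""
    if host == "[local]":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname (log_hostname = on): leave it for manual review
    return any(addr in net for net in INTERNAL_NETS)

def external_logins(counts, user="postgres"):
    """Logins as `user` from outside the LAN, as sorted (host, database, count)."""
    return sorted((h, db, n) for (h, u, db), n in counts.items()
                  if u == user and not is_internal(h))
```

Calling `external_logins(summarize(SAMPLE_LOG))` on the constructed sample lists the one outside address that logged in as postgres.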