Results 1 to 4 of 4
  1. #1
    Join Date
    Dec 2005
    Posts
    2

    Question Unanswered: Postgres Security

    Hello all,

    I wonder if anyone can come up with a solution for me. I am currently administering a posgres database and recently we have been subject to some malicious changes on our database from an unknown source.

    What I am planning to do is that I want to log the IP of any request that come through to posgres. Is that possible?

    I also thought of allowing access to only some specific Ip addresses but some PCs (These are mainly test PCS over an ADSL link that changes IP frequently) have dynamic IP addressing that limits this solution.

    Is it possible for me to track the IP of the requests being executed on posgres?

    We are currently set to trust authentication.

    Any suggestion is most welcomed.

    Thanks..

  2. #2
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    15
    Firstly, don't use 'trust' if you need any kind of security at all. 'trust' allows anybody and everybody full access to your database with no challenges. At the very least, use 'md5' or 'crypt' or similar. 'password' isn't a huge use, unless you have a secure and/or encrypted connection, since it sends passwords in plain text.

    Secondly, read the Client Authentication docs!

    Thirdly, you can restrict connections to single IPs or ranges of IPs. You do so by specifying an IP and an IP mask. See the above link.

  3. #3
    Join Date
    Dec 2005
    Posts
    2
    The entries are there only for those within our internal LAN. But since our servers are scattered over the world and also those with external access use different IP addresses from different ISPs we cannot specify their IP ranges (over 500 persons).

    In fact over here our problem here is that we are being attacked by one of our previsous programmers. He wrote the front end and hard coded the username and passwords in some libraries being used. hence we are unable to change password for user postgres.

    What we wanted to do now is to be able to track the IP address of all incoming requests to the postgres db. hence we will know from where he is accessing our network because as it is now our network department do not have any clue as to how he is being able to access our network.

    Once we know from where he is accessing it we will know how to secure our network. As it stands now we have firewall filters monitoring all activities on all our servers with an external IP address. but this doesnt seem to be enough. I suspect he must have left a script running on the network that grants him access but cant figure out where to start looking since the network is quite big.

    Thanks...

  4. #4
    Join Date
    Nov 2003
    Location
    Canada
    Posts
    15
    Take a look at the Run-time Configuration documentation. There's a section on logging, with options for logging connections and specifying custom log lines to show remote IP and other information.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •