Group: pgsql.novice


Subject: remote user
From: tgl@sss.pgh.pa.us (Tom Lane)
Date: 12/12/2007 12:52:48 PM
johnf <jfabiani@yolo.com> writes:
> I have one remote user that wants to connect via DSL and a dynamic IP. I do
> NOT want to open the database to all internet IP's. Of course the fear is
> someone will attack and break the password for the remote user. What is the
> best way I can do this?

Limit the range of IPs as much as you can, and require the connection to
use SSL, and maybe insist on a client certificate.

regards, tom lane

Subject: remote user
From: tgl@sss.pgh.pa.us (Tom Lane)
Date: 12/12/2007 5:00:30 PM
johnf <jfabiani@yolo.com> writes:
> On Wednesday 12 December 2007 09:52:48 am Tom Lane wrote:
>> Limit the range of IPs as much as you can, and require the connection to
>> use SSL, and maybe insist on a client certificate.

> What do you mean by a client certificate? I'll assume it is some sort of key
> that is passed to my server. But would postgres use the key? Or is this
> just a way to ensure user is who he says he is?

I'm no expert on SSL usage, but there's some basic info here:
http://www.postgresql.org/docs/8.2/static/ssl-tcp.html
For the full story on SSL you'd want to visit http://www.openssl.org/

regards, tom lane
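
An added example, not part of either message or of PostgreSQL itself: a small audit of a pg_hba.conf against the three points of the advice in this thread (narrow IP range, SSL required, client certificate). The sample file, the /16 threshold and the function names are assumptions; the `cert` method and `clientcert=` options belong to PostgreSQL releases later than the 8.2 documentation linked above, and addresses are assumed to be numeric or `all`.

```python
import ipaddress

# Assumed policy (not from the thread): IPv4 ranges wider than /16 are too broad.
MIN_PREFIX_V4 = 16
# pg_hba.conf options that make the server demand a client certificate.
CERT_OPTS = {"clientcert=1", "clientcert=verify-ca", "clientcert=verify-full"}

def parse_rule(line):
    """Return (type, network, method, options) or None for non-TCP/empty lines."""
    f = line.split("#", 1)[0].split()
    if not f or f[0] == "local":
        return None
    conn, addr, rest = f[0], f[3], f[4:]
    if addr == "all":
        net = ipaddress.ip_network("0.0.0.0/0")
    elif "/" in addr:
        net = ipaddress.ip_network(addr, strict=False)
    else:  # two-field "address netmask" form
        net = ipaddress.ip_network(f"{addr}/{rest.pop(0)}", strict=False)
    return conn, net, rest[0], rest[1:]

def audit(text):
    """Return (line_no, finding) pairs for remote rules that ignore the advice."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[1].is_loopback:
            continue  # skip comments, Unix sockets and loopback-only rules
        conn, net, method, opts = rule
        if conn != "hostssl":
            findings.append((no, "remote rule does not require SSL"))
        if net.version == 4 and net.prefixlen < MIN_PREFIX_V4:
            findings.append((no, f"address range {net} is too broad"))
        if method != "cert" and not CERT_OPTS.intersection(opts):
            findings.append((no, "no client certificate required"))
    return findings

# Constructed sample file; names and addresses are documentation placeholders.
SAMPLE = """\
# TYPE   DATABASE  USER    ADDRESS         METHOD
local    all       all                     peer
host     all       all     127.0.0.1/32    md5
host     appdb     remote  0.0.0.0/0       md5
hostssl  appdb     remote  203.0.113.0/24  md5
hostssl  appdb     remote  198.51.100.0 255.255.255.0 md5 clientcert=verify-full
"""

if __name__ == "__main__":
    for no, finding in audit(SAMPLE):
        print(f"line {no}: {finding}")
```

Only the last rule in the sample passes all three checks; for a DSL user on a dynamic address the allowed range would be the provider's address block rather than a single host.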