On 02/06/10 08:06, Ken Tanzer wrote: > Somehow, exposing my database ports to the internet scares me more than > any (possibly crazy) stuff I'm trying to do. :)
Why? Surely it's less scary than exposing ssh+shell access (!!), even if you think the shell is locked down to running only a crippled version of psql. You can use SSL with client certificates to lock down access to the database if you don't trust simple SSL-protected username/password authentication alone. Given the choice, I'd expose Pg to the Internet _any_ day before even considering exposing semi-public ssh access when I didn't absolutely have to. > But seriously I think I need to give them accounts--I'm setting up > online instances of a web app, so they have a set of (editable) PHP > files, possibly some storage, a log file, etc. It seemed that setting > each up as its own user was better than going through some uber-process > that had access to all the files. Sounds like you need to provide them with a web interface to do the work, and have the web app talk to Pg. -- Craig Ringer -- Sent via pgsql-general mailing list (pgsql-general@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
