Basic security
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html Description: My pg_hba.conf file gives 'cert' as an authentication method. this is not mentioned on this page. I think a basic pg_hba.conf to allow remote access require ssl, and to prevent access to the postgres table would be a useful addition. The more I see about this powerful environment the more nervous I get about exploits based on aspects of it's multitude of features of which I am completely unaware - what about PUBLIC for example ? ? A basic security guide to disable dangerous defaults would be very welcome
Re: Basic security
Your link is for an old version of Postgres (8.3). Current version is 10. You can find the link for the relaive page easily, it's on the top of the page, if you use a different version that 10 (I hope you are not still at 8.3 !) https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html On Sat, Feb 24, 2018 at 3:59 PM, PG Doc comments form < nore...@postgresql.org> wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/8.3/static/auth-pg-hba-conf.html > Description: > > My pg_hba.conf file gives 'cert' as an authentication method. this is not > mentioned on this page. > > I think a basic pg_hba.conf to allow remote access require ssl, and to > prevent access to the postgres table would be a useful addition. > The more I see about this powerful environment the more nervous I get about > exploits based on aspects of it's multitude of features of which I am > completely unaware - what about PUBLIC for example ? ? > A basic security guide to disable dangerous defaults would be very welcome >
Re: Images in the official documentation
On Sat, Feb 24, 2018 at 4:04 AM, Peter Eisentraut wrote: > On 2/23/18 11:21, Tom Lane wrote: >> In the distant >> past, as I recall, we had a GIF or two; but we abandoned that on the >> grounds that it was unmaintainable and also incompatible with some >> documentation output formats. I'm not too sure what the state of >> play is on the latter point, now that we've switched to XML. > > The complications with the image formats in the past were mainly around > what ((pdf)jade)tex would accept. The tools have shifted a bit now, and > the zoo formats is a different one. Nothing that a few make rules > couldn't address, though, I think. > > The issue of how to manage the sources is still the same, though. SVG format is ascii based vector format. We made experimental pdf with pictures http://www.sai.msu.su/~megera/postgres/files/postgres-11-diagram.pdf (GIN AM diagram, Appendix L). Appendix L also demonstrates our sample database with step-by-step introduction to Postgres for beginners. We have a separate book for beginners, which we released under BSD license and it's available on russian/english languages. Our experience shows, that people really appreciate it. I hope we will have time at PGCon to discuss documentation somehow. > > -- > Peter Eisentraut http://www.2ndQuadrant.com/ > PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services >
Re: Images in the official documentation
Oleg Bartunov writes: > On Sat, Feb 24, 2018 at 4:04 AM, Peter Eisentraut > wrote: >> The issue of how to manage the sources is still the same, though. > SVG format is ascii based vector format. Yeah. I think where the last discussion left this was that we'd be willing to accept SVG-format figures, but we were having a hard time figuring out what tools to recommend for editing them, because available editors have no respect for readability or preserving small deltas when rewriting SVG files. regards, tom lane
