Re: Secure Postgres access

2006-09-10 Thread [EMAIL PROTECTED]
Paul Rubin wrote:
> Reid Priedhorsky <[EMAIL PROTECTED]> writes:
> > B) Work machine. Run by others, many users. I'd like to also run my
> > database client (Python) here.
>
> Well, just how much do you distrust that machine? If you think it's
> totally pwned by attackers who will stop at nothing

Re: Secure Postgres access

2006-09-09 Thread Paul Rubin
Reid Priedhorsky <[EMAIL PROTECTED]> writes:
> B) Work machine. Run by others, many users. I'd like to also run my
> database client (Python) here.

Well, just how much do you distrust that machine? If you think it's totally pwned by attackers who will stop at nothing to subvert your client, you s

Re: Secure Postgres access

2006-09-09 Thread Reid Priedhorsky
On Thu, 07 Sep 2006 18:36:32 -0700, Paul Rubin wrote:
> Reid Priedhorsky <[EMAIL PROTECTED]> writes:
>> > Wouldn't they need a database password?
>>
>> Well, right now, no. I have Postgres configured to trust the OS on who is
>> who.
>
> You trust the OS on the client machine, but not the clien

Re: Secure Postgres access

2006-09-07 Thread Paul Rubin
Paul Rubin writes:
> You'd use SCM_CREDENTIALS to
> authenticate the user ID, then send the Postgres client's originating
> TCP port number over the Unix socket, and that would tell the SSH
> client that it could then start forwarding the TCP packets. Yucch,
> this is me

Re: Secure Postgres access

2006-09-07 Thread Paul Rubin
Reid Priedhorsky <[EMAIL PROTECTED]> writes:
> > Wouldn't they need a database password?
>
> Well, right now, no. I have Postgres configured to trust the OS on who is
> who.

You trust the OS on the client machine, but not the client machine's users? Does it run identd? Maybe you could use that

Re: Secure Postgres access

2006-09-07 Thread Reid Priedhorsky
On Wed, 06 Sep 2006 09:29:59 -0700, Paul Rubin wrote:
> Reid Priedhorsky <[EMAIL PROTECTED]> writes:
>> I know how to forward ports using SSH, but I don't like doing this because
>> then anyone who knows the port number can connect to Postgres over the
>> same tunnel. (I'm not the only user on the

Re: Secure Postgres access

2006-09-06 Thread Larry Bates
Reid Priedhorsky wrote:
> Hi folks,
>
> I would like to access a remote Postgres server from a Python program in a
> secure way. Postgres doesn't currently listen to the Internet for
> connections, and I'd prefer to keep it that way.
>
> I know how to forward ports using SSH, but I don't like doi

Re: Secure Postgres access

2006-09-06 Thread Marshall
Can't you limit SSH tunneling access to the IP and/or MAC that you want to access? It's simpler than any other solution.

Re: Secure Postgres access

2006-09-06 Thread Paul Rubin
Reid Priedhorsky <[EMAIL PROTECTED]> writes:
> I know how to forward ports using SSH, but I don't like doing this because
> then anyone who knows the port number can connect to Postgres over the
> same tunnel. (I'm not the only user on the client machine.)

Wouldn't they need a database password?

Secure Postgres access

2006-09-06 Thread Reid Priedhorsky
Hi folks, I would like to access a remote Postgres server from a Python program in a secure way. Postgres doesn't currently listen to the Internet for connections, and I'd prefer to keep it that way. I know how to forward ports using SSH, but I don't like doing this because then anyone who knows