User: Password:
|
|
Subscribe / Log in / New account

Restricting connections? Always :-).

Restricting connections? Always :-).

Posted Apr 7, 2013 9:40 UTC (Sun) by walex (subscriber, #69836)
In reply to: A serious PostgreSQL security fix by alogghe
Parent article: A serious PostgreSQL security fix

┬źRestricting connections to a specific network is DBA 101.┬╗

That's one of the most universally true statements ever:

* Restricting connections to HTTP server port 80 and port 443 to a specific network is webadmin 101.

* Restricting connections to DNS server port 53 to a specific network is hostmaster 101.

And so on! Let's call this Mordac's Rule.

Not allowing the end users to access a DBMS at all, or only indirectly via a front-end application or web UI can be supported by the following arguments:

* Not providing a service is an excellent security idea. The disconnected computer is more "secure", and the powered off one is even more "secure".

* Providing a service via a front-end is much more "secure" than providing it via the base tool itself: because experience shows dramatically how much more "secure" PHP/... based application or web UI front-ends are than their DBMS back-ends.

* Regardless of the above points, insisting that all DBMS instance access be via front-ends and then only allowing those front-ends to connect to DBMS instances means delegating accountability for security issues to the front-end owners, and can be a career-security enhancing measure too for the DBMS owners, not merely enhancing overall system security by protecting a weak DBMS with a strong front-end.

:-) :-) :-)


(Log in to post comments)

Restricting connections? Always :-).

Posted Apr 8, 2013 13:26 UTC (Mon) by ortalo (subscriber, #4654) [Link]

Yep, but this is business 101 (equivalence with career 101).

At security 101, now I teach that an incorrect security measure is worse than no security measure at all. (Demo.hint: every security measure has a cost...)

However, business 201 reacted promptly by adjusting their security requirements to match the mechanisms chosen in first year. I never understood why they did not take advantage of the productivity enhancement offer? (Maybe because, in the end, they know how to treat security the same ways as documentation...)

Restricting connections? Always :-).

Posted Apr 9, 2013 1:24 UTC (Tue) by dskoll (subscriber, #1630) [Link]

Providing a service via a front-end is much more "secure" than providing it via the base tool itself:

Well of course it isn't. But allowing access via a front-end and direct database access is by definition less secure than only allowing the front-end because there's a larger attack surface to exploit.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds