[Cialug] hiding a publicly accessible database server
Matthew Nuzum
newz at bearfruit.org
Thu Sep 11 13:57:11 CDT 2008
Hi, I'm conceiving an application that would like to use a centralized
postgres database. For my idea to work best it would be nice if the
application could make a connection to the postgres server on demand
without the user having to do anything. Yet I really don't want to put
the database wide open to the web. So its a conundrum.
I have an idea I know would work but is has a challenge: Use an SSH
tunnel. But for this to work, the user would have to create an SSH key
without a password and keep in on their computer. If someone else
found this key then they'd have shell access to the machine used to
tunnel the postgres connections. (the reason for no ssh password is so
that the application could initiate the ssh connection automatically)
Does anyone have a suggestion?
--
Matthew Nuzum
newz2000 on freenode
More information about the Cialug
mailing list