[Postgres-xl-general] Inter-node communication - encryption/authentication

Mason Sharp msharp at translattice.com
Tue Aug 5 08:09:13 PDT 2014


On Tue, Aug 5, 2014 at 12:12 AM, Darren Cocco <darrencocco at gmail.com> wrote:

> Hi,
>
> I want to use Postgres-XL over the Internet but I am concerned for MITM and
> impersonation attacks.
>
> To mitigate that risk I would like to enable client certificate authentication
> and connection encryption for the communication between data nodes and
> coordinators.
>
> I could not find any way to specify this in the configuration of the data nodes
> or coordinators and I am wondering if this is possible.
>
> I would settle for at least encrypting the communications.
>
> Using a VPN (I have experience with OpenVPN) is not a solution I would like to
> entertain at this point and it is a last resort option due to business
> policies (getting policies changed is more painful than being flayed to death).

This may help:

http://files.postgres-xl.org/documentation/ssl-tcp.html

I would focus on securing communication between your applications and the
coordinators.  You could put the datanodes on their own subnet and only
allow communication between each other and the coordinators, locking those
down that way.

Regards,

-- 
Mason Sharp

TransLattice - http://www.translattice.com
Distributed and Clustered Database Solutions
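
An added example, not part of the message above or of Postgres-XL: a small audit of a node's `pg_hba.conf` for the two things the reply points to, SSL on TCP connections and source addresses confined to the node subnet. The subnet `10.20.0.0/24`, the sample file and the function name `audit_hba` are assumptions made for illustration; only CIDR-form addresses are handled.

```python
import ipaddress

# Constructed sample pg_hba.conf for one node; all addresses are assumptions.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER  ADDRESS          METHOD
local    all       all                    peer
hostssl  all       all   10.20.0.0/24     cert
host     all       all   10.20.0.12/32    md5
hostssl  all       all   0.0.0.0/0        md5
host     all       all   10.20.0.0/24     trust
"""

CLUSTER_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed node subnet


def audit_hba(text, cluster_net=CLUSTER_NET):
    """Return (line_no, problem) pairs for TCP rules that permit unencrypted
    or unauthenticated access, or sources outside the cluster subnet."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] == "local":
            continue  # comments, blank lines and Unix-socket rules
        if fields[0] not in ("host", "hostssl", "hostnossl") or len(fields) < 5:
            findings.append((no, "unparsed rule"))
            continue
        rtype, addr, method = fields[0], fields[3], fields[4]
        if rtype != "hostssl":
            # "host" matches both SSL and non-SSL; "hostnossl" only non-SSL
            findings.append((no, "allows non-SSL connections"))
        if method == "trust":
            findings.append((no, "trust: no authentication"))
        try:
            if "/" not in addr:
                raise ValueError(addr)
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((no, "address is not CIDR: " + addr))
            continue
        if net.version != cluster_net.version or not net.subnet_of(cluster_net):
            findings.append((no, "source range extends outside " + str(cluster_net)))
    return findings


if __name__ == "__main__":
    for line_no, problem in audit_hba(SAMPLE_HBA):
        print("line %d: %s" % (line_no, problem))
```
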