Is password required for restricted database servers

4

1

I have a dedicated database server which has PostgreSQL 9.1.

This server has a firewall. Only 10.0.0.3 is allowed to connect to and access this server via the firewall. All other requests from other IPs are rejected.

After allowing this IP, it goes to the database server. On the database server there is a user called postgres. This user has a password. But, even with this, only 10.0.0.3 is allowed to connect to this database.

So basically, only 10.0.0.3 is allowed to connect and do stuff.

So, do I really need a password? Due to my custom script I want to remove the password and connect directly without a password. Should I do that?

At this point, what are the benefits of making a password-protected user for only 1 restricted IP? Should I continue to use it?

Or let me ask it this way: if I remove the password and set it to "blank", what can happen, even if there is an IP restriction?

xangr

Posted 2012-08-19T12:26:39.177

Reputation: 165

Question was closed 2012-08-20T13:44:28.657

3 Everyone can just assign a static IP to their system and fake their way into your system if you rely purely on IP-based restrictions. – Der Hochstapler – 2012-08-19T12:46:41.200

@OliverSalzburg Ouch. That's a problem. Actually I was thinking right now about whether it's possible or not. A password is necessary then. BTW, besides a password, how can I prevent them from doing that? – xangr – 2012-08-19T12:48:21.083

2 Well, everyone is a bit of an overstatement. They'd still have to be in your subnet. But, either way. IP-based access restrictions are useful, but should not be the only way you're securing access. If you require a password and the correct IP, you already have 2 factors. The more factors you have in authentication, the harder it will be to gain access. – Der Hochstapler – 2012-08-19T12:52:03.703

I see the point. I will look deeper into this. Thanks for the answer. If you could just add this as an answer (both replies), I can accept it. – xangr – 2012-08-19T12:57:04.787

Answers

2

Everyone on your local network could assign the given IP address to their system and, thus, gain access to your server.

IP-based access restrictions are useful though, when applied in addition to regular access restrictions, like requiring a password. The more factors you require for a successful login, the harder it will be for a potential attacker to fulfill all factors.

Der Hochstapler

Posted 2012-08-19T12:26:39.177

Reputation: 77 228
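
An added example, not part of the original thread: in PostgreSQL, "no password" for a network client corresponds to a `trust` record in `pg_hba.conf`, and this Python check over a constructed file shows which record a connection from 10.0.0.3 actually hits. Because the first matching record wins, a password rule placed after a `trust` rule never applies. The sample file contents, the database `appdb` and the user `app` are assumptions, and the parser covers only CIDR and IP-plus-netmask addresses.

```python
import ipaddress

# Constructed pg_hba.conf text (not from the original post). Line 3 is the
# passwordless setup the question asks about; line 4 is the password rule.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER      ADDRESS                  METHOD
local   all       postgres                           peer
host    all       postgres  10.0.0.3/32              trust
host    all       postgres  10.0.0.3/32              md5
host    appdb     app       10.0.0.0 255.255.255.0   md5
"""

def parse_hba(text):
    """Return network records as (line_no, databases, users, network, method).

    Simplified: handles CIDR and "IP netmask" addresses only; hostnames,
    quoted fields, @file and +group entries are skipped or not expanded.
    """
    records = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        f = raw.split("#", 1)[0].split()
        if len(f) < 5 or f[0] not in ("host", "hostssl", "hostnossl"):
            continue  # comment, blank line or Unix-socket ("local") record
        try:
            if "/" in f[3]:
                network, method = ipaddress.ip_network(f[3], strict=False), f[4]
            else:  # address and netmask given as two separate columns
                network = ipaddress.ip_network(f"{f[3]}/{f[4]}", strict=False)
                method = f[5]
        except (ValueError, IndexError):
            continue  # hostname or keyword address: out of scope here
        records.append((line_no, f[1].split(","), f[2].split(","), network, method))
    return records

def first_match(text, client_ip, database, user):
    """Return (line_no, method) of the first record matching the connection.

    PostgreSQL uses the first matching record and does not fall through.
    """
    ip = ipaddress.ip_address(client_ip)
    for line_no, dbs, users, network, method in parse_hba(text):
        if ip.version == network.version and ip in network \
                and ("all" in dbs or database in dbs) \
                and ("all" in users or user in users):
            return line_no, method
    return None  # no record matches: the server rejects the connection

def passwordless_rules(text):
    """Line numbers of network records that accept clients without authentication."""
    return [r[0] for r in parse_hba(text) if r[4] == "trust"]
```

With the `trust` line removed, the same connection from 10.0.0.3 falls to the `md5` record, so the IP restriction and the password both apply.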