Security in DB application
Posted on 2008-10-27
I need suggestions concerning securing a database application.
My application connects to a PostGreSQL database that resides on a server on the web. Besides the username+password that I use , I need suggestions about how to make it more secure.
PostgreSQL uses a pg_hba.conf file where I can specify which IP is allowed to connect to the database. But since many clients use ADSL with dynamic IP, I cannot use that conf file to restrict the computers that are allowed to connect.
I am thinking of using a different database (mysql) for authentication, but it's not quite clear to me yet. Perhaps one of you has something similar with this situation and perhaps you don't mind sharing a few ideas with me.