Professional Documents
Culture Documents
!!!2006 005 001 14762
!!!2006 005 001 14762
Christophe Pettus
PostgreSQL Experts, Inc.
PGConf EU Tallinn, November 2016
Greetings!
Christophe Pettus
CEO, PostgreSQL Experts, Inc.
thebuild.com personal blog.
pgexperts.com company website.
Twitter @Xof
christophe.pettus@pgexperts.com
The Stack.
Host system.
PostgreSQL itself.
Access to the database server.
The data in PostgreSQL.
Encryption, permissions, etc.
The application.
The Host.
No Direct SSH.
Keep up to date!
In a perfect world
Google
codespaces
pg_hba.conf
# TYPE
local
DATABASE
all
USER
all
ADDRESS
METHOD
trust
# TYPE
local
DATABASE
all
USER
all
ADDRESS
METHOD
trust
listen_address
pg_hba.conf
Passwords.
web
Connections.
Data Security.
No.
Full disk encryption is useless.
Let me say that again.
Ugh. Fine.
Per-Column Encryption.
Per-Column Techniques.
Indexing.
Not so great.
Log Everything!
BUT!
Backup Security.
Row-Level Security.
Application Security.
Application Basics.
API Hygiene
Application Testing.
Basic Infosec.
Were doomed.
Have hope!
Questions?
Christophe Pettus
@xof
thebuild.com
pgexperts.com
Thank you!
Christophe Pettus
@xof
thebuild.com
pgexperts.com