Thread: security question
hello, i'm very new to postgres and have a fundamental question. how do i make a pg-db most secure? i feel, that pg_user e.g. ist something very dangerous - isn't it? if someone hacks into a db, then he has lots of information at his/her fingertips. is this so? what do i do to prevent my db from beeing hacked? greetings hans
On Tue, May 11, 2004 at 20:09:46 +0200, "zuhans@iname.com" <zuhans@iname.com> wrote: > > i'm very new to postgres and have a fundamental question. > how do i make a pg-db most secure? > i feel, that pg_user e.g. ist something very dangerous - isn't it? if > someone hacks into a db, then he has lots of information at his/her > fingertips. is this so? > > what do i do to prevent my db from beeing hacked? If you don't need to provide direct access to the database from remote hosts, only allow connections using domain sockets.
> i'm very new to postgres and have a fundamental question. > how do i make a pg-db most secure? > i feel, that pg_user e.g. ist something very dangerous - isn't it? if > someone hacks into a db, then he has lots of information at his/her > fingertips. is this so? > > what do i do to prevent my db from beeing hacked? If you want to make sure it is never hacked into, here are two suggestions: 1. Don't connect it to a computer network or phone line. 2. Don't turn it on. Seriously, most of the risks are NOT application or database-specific. In other words, if a hacker can get to your computer, it almost definitely isn't postgreSQL's fault, and there may not be much you can do about it from a database perspective once the hacker gets in. If the hacker can get dba, sysadmin or root access, you're fully compromised. PostgreSQL has a number of security features in it to control access privileges for both local and remote (networked) users, as do most major database platforms. If you are a DBA, you need to be aware of these, most of them are fairly well documented in the online manual on postgresql.org. Specifically read the sections on GRANT and on hba_conf. -- Mike Nolan
On Tue, 11 May 2004, zuhans@iname.com wrote: > hello, > > i'm very new to postgres and have a fundamental question. > how do i make a pg-db most secure? > i feel, that pg_user e.g. ist something very dangerous - isn't it? if > someone hacks into a db, then he has lots of information at his/her > fingertips. is this so? > > what do i do to prevent my db from beeing hacked? Hiding what is in pg_user (note the password field is blanked out) would qualify as obscurity, not security. Security is provided by things like checking the connection libraries postgresql uses to make sure there are no buffer overflows or that things that would let a user gain unauthorized access are not in place. This topic comes up about once every three months, with someone thinking that being able to see the database schema represents a security threat. obscurity <> security PostgreSQL is, as far as I've been able to ascertain, quite secure, as long as you've configured it properly. For instance, having authentication set to trust means that anyone can become anyone else. That's fine if you and two other dbas are the only people who connect to the machine, but in an environment were hundreds of users may be using the database cluster, you can't rely on trust anymore, and have to go to md5 passwords or ident authentication. Forcing users to connect via SSL with md5 passwords is generally considered the most secure method for connections. What a user can see of the rest of the database is not a security issue, though in an environment with thousands of users, it could be a usability issue, where someone has to look through hundreds and hundreds of tables to find their own. Which is why seperate databases and / or schemas are often used. But in general, PostgreSQL is very well designed and quite secure.