When we talk about database security, it spans several areas. It is a vast topic because, with databases, we need to secure the whole ecosystem, not just the database node. The figure below shows the major breakdown of the “parts” that need to be secured. It is clearly evident that the database itself is just one-sixth of that. You need to secure your (1) Network (2) Network Node (3) Data (4) Database (5) Users and (6) Application. A database is only secure when every one of these is secure.
The blog series will cover all the topics related to PostgreSQL Database Security.
PostgreSQL Database Security
Database security is normally divided into Authentication, Authorization, and Accounting (AAA). The database system needs to authenticate a user, then authorize what that user can do with the database, and finally account for what the user did with the database. PostgreSQL is considered one of the most secure databases and provides all three AAA capabilities.
Authentication determines which users are allowed to access the database; in technical terms, which users can “log in” to the database system. PostgreSQL has a well-defined authentication process, configured per connection type, database, user and client address in pg_hba.conf, and its authentication methods fall into three categories: (1) PostgreSQL internal authentication, (2) operating system authentication and (3) external server authentication. Figure 3 shows all the supported authentication methods sorted by category.
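As an added example (not code from the original post), the following SQL checks two things a practitioner wants to know about an instance's authentication setup: that passwords are stored as SCRAM-SHA-256 rather than md5, and that pg_hba.conf contains no rules using trust, password or md5. It assumes PostgreSQL 10 or later, a superuser session in psql, and the role name and password are placeholders.

```sql
-- Added example, not part of the original post.
-- Assumptions: PostgreSQL 10+, run as a superuser; app_user and its password are placeholders.

-- 1. Store new passwords as SCRAM-SHA-256 instead of md5: persist the setting,
--    reload it, and set it for this session as well.
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();
SET password_encryption = 'scram-sha-256';

-- 2. Create an application role; the password is hashed before it is stored.
CREATE ROLE app_user LOGIN PASSWORD 'replace-this-placeholder';

-- 3. Check how every login role's password is stored.
--    SCRAM verifiers start with 'SCRAM-SHA-256$', legacy hashes start with 'md5'.
SELECT rolname,
       CASE
         WHEN rolpassword LIKE 'SCRAM-SHA-256$%' THEN 'scram-sha-256'
         WHEN rolpassword LIKE 'md5%'            THEN 'md5 (weak: re-set the password)'
         WHEN rolpassword IS NULL                THEN 'no password set'
         ELSE 'unknown'
       END AS password_storage
FROM pg_authid
WHERE rolcanlogin
ORDER BY rolname;

-- 4. Review the rules in pg_hba.conf and flag the methods that should not be used.
--    pg_hba_file_rules reads the file currently on disk (not the loaded rules), and
--    the error column is non-null for lines that would fail to parse on reload.
SELECT line_number, type, database, user_name, address, auth_method,
       CASE auth_method
         WHEN 'trust'         THEN 'DANGEROUS: no authentication at all'
         WHEN 'password'      THEN 'WEAK: clear-text password on the wire'
         WHEN 'md5'           THEN 'WEAK: replace with scram-sha-256'
         WHEN 'scram-sha-256' THEN 'internal authentication'
         WHEN 'peer'          THEN 'operating system authentication'
         WHEN 'pam'           THEN 'operating system authentication'
         WHEN 'ldap'          THEN 'external server authentication'
         WHEN 'radius'        THEN 'external server authentication'
         WHEN 'gss'           THEN 'external server authentication'
         WHEN 'sspi'          THEN 'external server authentication'
         WHEN 'cert'          THEN 'client certificate (TLS)'
         ELSE 'review manually'
       END AS assessment,
       error
FROM pg_hba_file_rules
ORDER BY line_number;
```

Any line assessed as DANGEROUS or WEAK should be changed in pg_hba.conf (for example md5 to scram-sha-256) and the file reloaded with pg_reload_conf(); roles whose password is still stored as md5 need their password set again after password_encryption has been changed, because the stored hash is not converted automatically.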
The second part of AAA is authorization, which means what activity a user can perform in the database after login. PostgreSQL has several controls for managing users and what a user can and cannot do. These controls can be object-based or row-based. Here are the main categories of PostgreSQL authorization features:
- Roles, Users, and Groups
- GRANT/REVOKE
- Row Level Security
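The three authorization features above combined in one worked example, added here and not taken from the original post: a group role that carries the privileges, login roles that inherit them, object-level GRANT/REVOKE on a table, and a row-level security policy that restricts each role to its own tenant's rows. It assumes PostgreSQL 9.5 or later (for row level security) and a superuser session; the roles, table and data are made up for illustration and the passwords are placeholders.

```sql
-- Added example, not part of the original post.
-- Assumptions: PostgreSQL 9.5+, run as a superuser; roles, table and rows are illustrative.

-- Roles and groups: a NOLOGIN group role owns the privileges, login roles inherit them.
CREATE ROLE tenant_app NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'replace-this-placeholder' IN ROLE tenant_app;
CREATE ROLE bob   LOGIN PASSWORD 'replace-this-placeholder' IN ROLE tenant_app;

CREATE TABLE invoices (
    id     serial  PRIMARY KEY,
    tenant text    NOT NULL,
    amount numeric NOT NULL
);
INSERT INTO invoices (tenant, amount) VALUES ('alice', 100), ('alice', 250), ('bob', 75);

-- GRANT/REVOKE (object-based): least privilege on the table, and take back the
-- default that lets every role create objects in the public schema.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO tenant_app;
GRANT SELECT, INSERT ON invoices TO tenant_app;
GRANT USAGE ON SEQUENCE invoices_id_seq TO tenant_app;   -- needed to INSERT with a serial id

-- Row Level Security (row-based): members of tenant_app see and insert only rows
-- whose tenant column matches their own role name.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;           -- apply the policy to the table owner too
CREATE POLICY tenant_isolation ON invoices
    FOR ALL TO tenant_app
    USING (tenant = current_user)
    WITH CHECK (tenant = current_user);

-- Check as alice: only alice's rows are visible, and a row for bob is rejected
-- by the policy's WITH CHECK clause (the INSERT below fails with an RLS error).
SET ROLE alice;
SELECT current_user, count(*) AS visible_rows, sum(amount) AS visible_total FROM invoices;
INSERT INTO invoices (tenant, amount) VALUES ('bob', 1);
RESET ROLE;

-- Check as bob: only bob's row is visible.
SET ROLE bob;
SELECT current_user, count(*) AS visible_rows, sum(amount) AS visible_total FROM invoices;
RESET ROLE;

-- Audit what is in force: table privileges and row-level policies.
SELECT grantee, privilege_type
FROM information_schema.table_privileges
WHERE table_name = 'invoices';

SELECT policyname, roles, cmd, qual, with_check
FROM pg_policies
WHERE tablename = 'invoices';
```

Running the checks, alice should count two rows and bob one, and alice's attempt to insert a row for bob is refused. Note that a superuser and roles with the BYPASSRLS attribute are never subject to policies, so a connection used by an application should be neither; FORCE ROW LEVEL SECURITY is what makes the policy apply even to the table's owner.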
The third and last part of AAA is accounting: logging what a user does after “login” to the database system. The following logging categories need to be considered.
- Database Logging
- Network Logging
- Operating System Logging
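For the database logging item in the list above, the following SQL is an added example (not from the original post) of enabling the connection, disconnection and DDL accounting that PostgreSQL provides out of the box, and then verifying that the settings took effect without a restart. It assumes a superuser session on PostgreSQL 9.5 or later; the chosen values are illustrative.

```sql
-- Added example, not part of the original post.
-- Assumptions: PostgreSQL 9.5+ (pending_restart column), run as a superuser; values are illustrative.

-- Who logged in, from where, and when the session ended.
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;

-- Every data definition statement (CREATE/ALTER/DROP, including GRANT/REVOKE),
-- plus any statement that runs longer than one second.
ALTER SYSTEM SET log_statement = 'ddl';
ALTER SYSTEM SET log_min_duration_statement = '1s';

-- Make each log line attributable: timestamp (%m), backend pid (%p), user@database
-- (%u@%d), client host:port (%r) and application_name (%a).
ALTER SYSTEM SET log_line_prefix = '%m [%p] %u@%d %r %a ';

-- Apply the changes; none of these settings needs a server restart.
SELECT pg_reload_conf();

-- Verify the effective values and confirm nothing is waiting on a restart.
SELECT name, setting, context, pending_restart
FROM pg_settings
WHERE name IN ('log_connections', 'log_disconnections', 'log_statement',
               'log_min_duration_statement', 'log_line_prefix')
ORDER BY name;
```

After the reload, pending_restart should be false for all five rows. log_statement = 'all' records every statement, including the values in INSERTs, so it is normally reserved for short investigations; for per-object or per-session audit trails beyond what these settings give, the pgaudit extension is the usual next step.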
This blog post is the first in the PostgreSQL Security series. In it, I have tried to give an overview of security that will form the basis for the next security topics. The next blog post will be on Authentication (PostgreSQL Internal Authentication). Stay tuned!
Our white paper “Why Choose PostgreSQL?” looks at the features and benefits of PostgreSQL and presents some practical usage examples. We also examine how PostgreSQL can be useful for companies looking to migrate from Oracle.