PostgreSQL Database Security: What You Need To Know

When we talk about database security, it encompasses several modules across different areas. It is a very broad topic because, with databases, we need to secure the whole ecosystem, not just the database node. The figure below shows the major breakdown of the "parts" that need to be secured. The database itself is clearly only one-sixth of that. You need to secure your (1) Network, (2) Network Node, (3) Data, (4) Database, (5) Users, and (6) Application. A secure database means it is secure in all of these respects.

Figure: PostgreSQL Security

This blog series will cover all the topics related to PostgreSQL Database Security.

PostgreSQL Database Security

Database security is normally divided into Authentication, Authorization, and Accounting (AAA). The database system needs to authenticate a user, secondly, authorize what that user can do with the database, and thirdly, account for what the user did with the database. PostgreSQL is considered to be one of the most secure databases, providing all three AAA capabilities.

Figure: secure PostgreSQL

Authentication

Authentication determines which user is allowed to access the database; in technical terms, which user can "log in" to the database system. PostgreSQL has a clear model of what the authentication process should be. PostgreSQL authentication methods fall into three categories: (1) PostgreSQL Internal Authentication, (2) Operating System Authentication, and (3) External Server Authentication. Figure 3 shows all the supported authentication methods sorted by category.

Figure 3: PostgreSQL Authentication
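The authentication methods above are selected per client in pg_hba.conf. The following SQL is an added example, not code from the original post: it reads the rules the server actually loaded through the standard pg_hba_file_rules view (PostgreSQL 10 and later, superuser session) and flags the methods a reviewer would question. The two pg_hba.conf lines in the comments are constructed samples of a weak and a hardened rule, and the 10.0.0.0/8 network is a placeholder.

```sql
-- Added example (not from the original post): audit the loaded pg_hba.conf
-- rules from inside the server. pg_hba_file_rules reflects the file on disk,
-- so it also shows edits that have not been reloaded yet.

-- Weak rule (constructed sample): anyone on any network, no credentials asked.
--   host     all  all  0.0.0.0/0    trust
-- Hardened rule (constructed sample): TLS only, one network, SCRAM passwords.
--   hostssl  all  all  10.0.0.0/8   scram-sha-256

-- 1. Every rule the server would apply, in file order.
SELECT line_number, type, database, user_name, address, netmask, auth_method
FROM pg_hba_file_rules
WHERE error IS NULL
ORDER BY line_number;

-- 2. Rules worth a second look: 'trust' asks for no credentials at all,
--    'password' sends the password in cleartext, and 'md5' is superseded
--    by 'scram-sha-256'.
SELECT line_number, type, database, user_name, address, auth_method
FROM pg_hba_file_rules
WHERE auth_method IN ('trust', 'password', 'md5')
ORDER BY line_number;

-- 3. Lines that failed to parse are ignored by the server, which can leave
--    you with less protection than reading the file suggests.
SELECT line_number, error
FROM pg_hba_file_rules
WHERE error IS NOT NULL;

-- 4. Newly set passwords should be stored as SCRAM-SHA-256 verifiers.
SHOW password_encryption;
```

Run the queries after every pg_hba.conf change and before `pg_reload_conf()`; an empty result for queries 2 and 3 and `scram-sha-256` from query 4 is what you want to see.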

Authorization

The second part of AAA is authorization, which defines what activity a user can perform in the database after logging in. PostgreSQL has several controls to manage what a user can and cannot do. These controls can be object-based or row-based. Here are the main categories of PostgreSQL authorization features:

  • Roles, Users, and Groups
  • GRANT/REVOKE
  • Row Level Security
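The three authorization features in the list above, as an added example that is not part of the original post. The schema, the roles `app_readers` and `alice`, the `orders` table, and the `app.tenant` session setting are all constructed for illustration; the password is a placeholder.

```sql
-- Added example (not from the original post). Constructed schema: a tenant
-- table, a group role, a login user, object-level grants and a row policy.

-- Roles, users and groups: in PostgreSQL a "user" is a role with LOGIN and a
-- "group" is a role without it. Members inherit the group's privileges.
CREATE ROLE app_readers NOLOGIN;
CREATE ROLE alice LOGIN PASSWORD 'replace-me';   -- placeholder password
GRANT app_readers TO alice;

CREATE TABLE orders (
    id      serial  PRIMARY KEY,
    tenant  text    NOT NULL,
    amount  numeric NOT NULL
);
INSERT INTO orders (tenant, amount)
VALUES ('acme', 10), ('acme', 25), ('globex', 99);   -- constructed rows

-- GRANT / REVOKE: object-based control. Start from nothing, then grant only
-- what the group needs (least privilege). alice gets SELECT via app_readers.
REVOKE ALL ON orders FROM PUBLIC;
GRANT SELECT ON orders TO app_readers;

-- Row Level Security: row-based control. Each row's tenant is compared with a
-- session setting the application sets right after connecting. If the setting
-- is absent, current_setting(..., true) yields NULL and no row matches.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON orders
    FOR SELECT
    TO app_readers
    USING (tenant = current_setting('app.tenant', true));

-- Table owners and superusers bypass RLS unless it is forced; keep the
-- application roles distinct from the owner and force the policy anyway.
ALTER TABLE orders FORCE ROW LEVEL SECURITY;

-- Verify from the owner's session by switching to alice (a member, so SET ROLE
-- is permitted). Only rows whose tenant matches app.tenant are returned.
SET ROLE alice;
SET app.tenant = 'acme';
SELECT id, tenant, amount FROM orders;
-- An INSERT here is refused with "permission denied for table orders",
-- because app_readers was granted SELECT only.
RESET ROLE;
```

Two points worth checking in your own schema: `REVOKE ALL ... FROM PUBLIC` matters because the default grants on new tables are wider than most applications need, and the policy above covers `SELECT` only; `INSERT`, `UPDATE` and `DELETE` need their own policies with a `WITH CHECK` clause before write access is granted.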

Accounting

The third and last part of AAA is accounting: logging the activity of a user after they have "logged in" to the database system. The following is the list of logging categories that need to be considered.

  • Database Logging
  • Network Logging
  • Application Logging
  • Operating System Logging
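For the first category, database logging, the server's own logging parameters are the starting point. The block below is an added example, not configuration from the original post: it turns on session and DDL logging with `ALTER SYSTEM` (superuser; the values land in postgresql.auto.conf), then uses the standard pg_settings view to confirm which settings are active and which still wait for a restart. The chosen thresholds and the log line format are my assumptions, not recommendations from the post.

```sql
-- Added example (not from the original post): baseline database accounting
-- through PostgreSQL's built-in logging parameters.

-- Record every session start and end with the user, database and client host.
ALTER SYSTEM SET log_connections = on;
ALTER SYSTEM SET log_disconnections = on;

-- Prefix each log line so entries can be correlated across sessions:
-- timestamp with milliseconds, backend pid, user, database, client host,
-- application name.
ALTER SYSTEM SET log_line_prefix = '%m [%p] user=%u db=%d host=%h app=%a ';

-- Log schema changes without capturing every data query. 'mod' and 'all' are
-- broader but noisier, and 'all' can write sensitive literal values to the log.
ALTER SYSTEM SET log_statement = 'ddl';

-- Log statements that run longer than one second (assumed threshold); useful
-- both for performance work and for spotting unusual activity.
ALTER SYSTEM SET log_min_duration_statement = '1s';

-- Let the server own its log files and rotate them daily.
ALTER SYSTEM SET logging_collector = on;   -- takes effect only after a restart
ALTER SYSTEM SET log_rotation_age = '1d';

-- Apply everything that can change at runtime, then list what is still pending.
SELECT pg_reload_conf();

SELECT name, setting, pending_restart
FROM pg_settings
WHERE name IN ('log_connections', 'log_disconnections', 'log_line_prefix',
               'log_statement', 'log_min_duration_statement',
               'logging_collector', 'log_rotation_age')
ORDER BY name;
```

The log files this produces live on the database host, so they are only useful as an accounting record if they are shipped off the node (the operating system and network logging categories above) before an attacker who reaches the host can alter them.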

Conclusion

This blog post is the first in the PostgreSQL Security series. In it I have given an overview of database security, which forms the basis for the security topics that follow. The next blog post will be on Authentication (PostgreSQL Internal Authentication). Stay tuned!
