SAINTCON 2023 - Roberto Mello - Alice, this is Bob

Security

"Learn best practices for Postgres database security, including role-based access control, encryption, and secure authentication. Discover how to prevent security breaches and maintain data integrity with regular backups and monitoring."

Key takeaways
  • Database security requires attention to configuration, permissions, and backups
    • Every minor release of Postgres fixes bugs and improves security
  • Role-based access control allows for fine-grained permission management
  • Use of TLS for encryption and secure authentication
  • Secure configuration requires careful consideration of settings like superuser privileges and default role behavior
  • Monitoring and logging are essential for detecting potential security breaches
  • Regular backup and restore procedures are crucial for data integrity and availability
  • Separation of duties and least privilege principle should be implemented
  • Postgres has built-in features for logging, role-based access control, and encryption
  • Monitoring and logging can help identify security issues
  • Crusty Data has tools and tutorials for Postgres configuration and security
  • Authentication methods like LDAP and Kerberos can be used with Postgres
  • Database security is important for applications and users, including those in government and other sensitive industries
  • Configuration and permissions should be reviewed regularly to prevent security breaches

More talks

Django Logging Demystified with Lee Trout - DjangoCon US 2022

Python Software Foundation Update

A Manufacturer's Post-Shipment Approach to Fend-Off IoT Malware in Home Appliances

TSSHOCK: Breaking MPC Wallets and Digital Custodians for $BILLION$ Profit

DjangoCon Europe 2024 | KEYNOTE: AI, away from the hype

LeadDev Berlin 2022 Lusia Emme

LinkDoor: A Hidden Attack Surface in the Android Netlink Kernel Modules

Laurenz Albe: How to corrupt your database (and how to deal with data corruption) (PGConf.EU 2023)