No Excuses PostgreSQL Security


In most environments, a newly initialized PostgreSQL cluster is nowhere near a configuration secure enough for an organization to be willing to deploy it to production.

There are a number of relatively simple configuration changes that an administrator can quickly deploy to increase the security and deployability of a new cluster.

This presentation and live demo will rapidly explain and demonstrate several such configuration changes including: logging user authentication and query activity, securely changing user passwords, enabling SSL, requiring secure client connections, and more.

The presentation will begin with the initialization of a new PostgreSQL cluster (initdb without the -A option) to demonstrate the default settings of a new cluster.

The presentation will continue with the speaker quickly explaining and making the easiest configuration changes that enhance cluster security. (Installing SSL certificates and enabling SSL, forcing the psql client and pgAdmin to use SSL, logging user connections and disconnections, logging queries with errors, and whatever other changes time allows.)

The presentation will conclude with the speaker listing additional security recommendations for a production database that there is not time to adequately demonstrate. (Examples: use of schemas to isolate users to specific namespaces, etc.)

Room 105
Friday, March 6, 2020 - 11:30 to 12:15