PostgreSQL 12 contains two new server settings: ssl_min_protocol_version ssl_max_protocol_version As the names indicate, these are used to control the oldest (minimum) and newest (maximum) version of the SSL and TLS protocol family that the server will accept. (For historical reasons, in PostgreSQL, all settings related to SSL and TLS are named ssl_something, even though TLS […]
Spectre and Meltdown have caused severe alarm in recent days. You may have read about up to 30% impact on PostgreSQL databases, which I believe to be overstated because of misunderstandings in the media. Let’s dig into this in more detail. TL;DR Summary: no PostgreSQL patch required, -7% performance hit In response to these new […]
A few days ago I’ve blogged about the common issues with roles and privileges we discover during security reviews. Of course, PostgreSQL offers many advanced security-related features, one of them being Row Level Security (RLS), available since PostgreSQL 9.5. As 9.5 was released in January 2016 (so just a few months ago), RLS is fairly […]
One of the services we offer are security reviews (or audits, if you want), covering a range of areas related to security. It may be a bit surprising, but a topic that often yields the most serious issues is roles and privileges. Perhaps the reason why roles and privileges are a frequent source of issues […]
PostgreSQL 9.5 adds declarative row security. You can declare policies on tables and have them enforced automatically – for example, allowing user joe to only see rows with the owner column equal to joe. This is a great feature, and it’s been a long time coming. It didn’t make it into PostgreSQL 9.4, but automatically […]
Ansible is simply great and PostgreSQL is surely awesome, let’s see how they work amazingly together!
In the next week I will be writing a series of posts about the row-security work I’ve been doing for PostgreSQL 9.4 as part of the EU’s AXLE project. I will be outlining the history, approaches tried, current status, remaining issues, and future work required. To open the series, I’d like to talk about what […]
You might have seen the support added for security_barrier views in PostgreSQL 9.2. I’ve been looking into that code with an eye to adding automatic update support for them as part of progressing row-level security work for the AXLE project, and I thought I’d take the chance to explain how they work. Robert already explained […]