security Archives - 2ndQuadrant

Posts

Migration to PostgreSQL [Webinar]

July 8, 2020/0 Comments/in Liaqat's PlanetPostgreSQL, Webinars /by Liaqat Andrabi

Among the many reasons to Migrate to PostgreSQL, dedicated support and seamless transition are key drivers for a business considering migration. Being open-source software, PostgreSQL provides a highly reliable, stable, scalable, and secure database migration, keeping in mind the unique needs of every business. Migration to PostgreSQL, however, can still be an extensive process as […]

Security and Compliance with PostgreSQL [Webinar]

May 5, 2020/0 Comments/in Liaqat's PlanetPostgreSQL, Webinars /by Liaqat

For businesses handling personal data, the security of their database is a serious matter. Faced with an increasing number of attacks, organizations must improve their security and compliance policies, enhance their database infrastructure, and ensure all proper security protocols are in place. As part of the ongoing PostgreSQL Webinar Series, 2ndQuadrant hosted a webinar on […]

A tale of password authentication methods in PostgreSQL

April 27, 2020/0 Comments/in Eisentraut's PlanetPostgreSQL, PostgreSQL /by Peter Eisentraut

Let’s say you want to implement a password authentication method in a client/server protocol. How would you do that and what would be the possible problems? The following is the story of how this was done in PostgreSQL. password In the beginning, PostgreSQL only had the method that is now known as “password” in pg_hba.conf. […]

PostgreSQL is the worlds’ best database

March 23, 2020/1 Comment/in 2ndQuadrant, Kirk’s PlanetPostgreSQL, PostgreSQL /by Kirk Roybal

The title is not clickbait or hyperbole. I intend to prove that by virtue of both design and implementation that PostgreSQL is objectively and measurably a better database than anything currently available, with or without money considerations. How in the world can I claim and justify such a lofty statement? Read on, gentle nerd. I […]

How to Protect Your PostgreSQL Databases from Cyberattacks with SQL Firewall

March 11, 2020/2 Comments/in 2ndQuadrant, PostgreSQL, Sadeq's PlanetPostgreSQL /by Sadequl Hussain

In today’s world, organizations increasingly face an unprecedented level of threat of cyberattacks against their information assets. Cyberattacks can come in many forms. One such attack is called SQL injection. With SQL injection, rogue players target the backend database of any system. Usually, these systems are public-facing. Hackers try to send seemingly innocuous and regular […]

Setting SSL/TLS protocol versions with PostgreSQL 12

November 17, 2019/2 Comments/in 2ndQuadrant /by Peter Eisentraut

PostgreSQL 12 contains two new server settings:: ssl_min_protocol_version ssl_max_protocol_version As the names indicate, these are used to control the oldest (minimum) and newest (maximum) version of the SSL and TLS protocol family that the server will accept. (For historical reasons, in PostgreSQL, all settings related to SSL and TLS are named ssl_something, even though TLS […]

Webinar: Using SSL with PostgreSQL and pgbouncer [Follow Up]

November 14, 2019/0 Comments/in 2ndQuadrant, Webinars /by Liaqat Andrabi

Securing data in motion is a necessity in today’s world. PostgreSQL provides a way to encrypt and authenticate communication by using a Secure Sockets Layer or SSL protocol. 2ndQuadrant hosted a webinar to give an introduction on using SSL, encryption and authentication methods, and how to successfully configure and deploy SSL with PostgreSQL. The webinar […]

PostgreSQL with passphrase-protected SSL keys under systemd

April 8, 2019/0 Comments/in Eisentraut's PlanetPostgreSQL /by Peter Eisentraut

PostgreSQL supports SSL, and SSL private keys can be protected by a passphrase. Many people choose not to use passphrases with their SSL keys, and that’s perhaps fine. This blog post is about what happens when you do have a passphrase. If you have SSL enabled and a key with a passphrase and you start […]

Databases vs. encryption

December 5, 2018/10 Comments/in 2ndQuadrant, Tomas' PlanetPostgreSQL /by Tomas Vondra

Let’s assume you have some sensitive data, that you need to protect by encryption. It might be credit card numbers (the usual example), social security numbers, or pretty much anything you consider sensitive. It does not matter if the encryption is mandated by a standard like PCI DSS or if you just decided to encrypt […]

PG Phriday: Securing PgBouncer

April 20, 2018/0 Comments/in Shaun's PlanetPostgreSQL /by Shaun Thomas

We all love PgBouncer. It’s a great way to multiplex tens, hundreds, or even thousands of client connections to a small handful of Postgres sessions. What isn’t necessarily so endearing, is that it can’t pass authentication from itself to Postgres, as each Postgres session may exist before the connection to PgBouncer is established. Or can […]