How this is done depends on how the server is hosted on the network. If you need to access your Postgres server from a remote system, as is often the case when implementing applications with multiple tiers or services, or just for remote administration using tools such as pgAdmin, you will need to use a TCP/IP network socket. As is generally the case when it comes to security, we want to minimize the potential attack area for anyone attempting to gain access to the system. If your application is running on the same host as the database server, give serious consideration to allowing access to the server via one or more UDS only. To offer even more flexibility, Postgres can create multiple sockets (though by default, only one is created) using the unix_socket_directories configuration option, each of which directories can have different permissions as required to segregate different users or applications and help to apply the principle of least privilege.
UDS are only accessible from the machine on which they are present (and therefore are not subject to direct remote attacks), and appear as special files on the file system. This means that access to them is subject to the same access controls as other files (though only write permission is actually needed to use the socket), and can be controlled by managing the permissions and group ownership of the socket through the unix_socket_permissions and unix_socket_group configuration options, as well as the permissions on the directory in which the socket is created. Sockets are always owned by the user that the Postgres server is running as.
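The following is an added example, not code from the original article or from the Postgres project: a small audit that classifies who can reach each socket file in a directory, using the socket's write bits and the directory's search bit as described above. The function names `classify_sockets` and `demo`, and the port 5432 sample socket, are constructed for illustration; parent directories and ACLs are not examined.

```python
import os
import socket
import stat
import tempfile


def classify_sockets(directory):
    """Return [(socket_name, exposure)] for Postgres sockets in `directory`.

    Exposure is judged from the socket's write bits and the directory's
    search bit only; parent directories and ACLs are not examined.
    """
    dir_mode = os.stat(directory).st_mode
    results = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))
        # Postgres names its socket files .s.PGSQL.<port>
        if not (name.startswith(".s.PGSQL.") and stat.S_ISSOCK(st.st_mode)):
            continue
        if st.st_mode & stat.S_IWOTH:
            # World-writable socket: the directory is the only remaining gate.
            open_dir = dir_mode & stat.S_IXOTH
            exposure = "world" if open_dir else "directory-gated"
        elif st.st_mode & stat.S_IWGRP:
            exposure = "group"  # members of the socket's group can connect
        else:
            exposure = "owner"  # only the server's own account can connect
        results.append((name, exposure))
    return results


def demo():
    """Constructed sample: one socket file re-checked under four mode pairs."""
    seen = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, ".s.PGSQL.5432")
        with socket.socket(socket.AF_UNIX) as s:
            s.bind(path)  # creates the socket file; no Postgres needed
            for dmode, smode in ((0o755, 0o777), (0o750, 0o777),
                                 (0o755, 0o770), (0o755, 0o700)):
                os.chmod(d, dmode)
                os.chmod(path, smode)
                seen.append(classify_sockets(d)[0][1])
    return seen


if __name__ == "__main__":
    print(demo())
```

Point `classify_sockets` at each directory listed in unix_socket_directories; a "world" result means any local account can attempt a connection and only database authentication stands in the way.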
On Windows they are not available at present, but will be in Postgres v13 and later. Unix Domain Sockets (UDS) are the default method for connecting to a Postgres database on Unix-like platforms. There are two ways to connect to a Postgres server: via a Unix Domain Socket or a TCP/IP Socket.

Unix Domain Socket

However, for both cloud providers and co-location facilities it is essential to check that they have appropriate documentation attesting to the level of security they provide, such as SOC 2 or 3. There's little that can be done in this regard with the major cloud providers, other than to trust that they do implement the high levels of physical security that they claim. In the case that a co-location facility is used, ensure that the chosen provider has a strictly enforced security policy appropriately designed to prevent unauthorized access, and in facilities that allow users to enter, that locking racks and cages are available to keep other customers away from your hardware. This may be a privately owned server room, in which case measures can be taken to ensure that only authorized personnel can enter the room and that monitoring such as CCTV is employed. It can be extremely difficult to prevent someone with physical access to a server from gaining access to the data, but there are a number of measures that can be taken, both physical and technological. First and foremost, the physical access should be limited as much as possible, by ensuring the server is located in a secure facility.
As with any security configuration, follow the principle of least privilege when considering how to configure your system; that is, only allow as much access as is required to implement a working system, and no more.
The first part of any security review is to look at how the server is connected to and accessed.
This article references the latest version of Postgres currently available: 12.3. As part of the review of the components and process of securing Postgres, we'll look at the following sections: The vast majority of the discussion will focus on features, functionality, and techniques that apply equally to both PostgreSQL and EDB Postgres Advanced Server (EPAS); however, it will also touch on a couple of features that are only available in EPAS. This article is intended as a comprehensive overview that will help you examine the security of your Postgres deployment from end to end.
Securing data is mission-critical for the success of any enterprise, as well as for the safety of its customers.