We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Securing Your Data On PostgreSQL

7
 Cite
 Share
 Download
 Purchase
No logo availablePGCon - PostgreSQL Conference for Users and Developers
 Singh, Payal

Formal Metadata

Title
Securing Your Data On PostgreSQL
Title of Series
Number of Parts
37
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
The first concern anyone has when moving their data on a FOSS RDBMS like Postgres is whether or not it has the security features their data needs. This talk will cover the various features that Postgres provides for data security, from the very basic to the most advanced. Postgres has a variety of features to secure your data in a multitude of ways, each suitable for a specific set of use cases. The goal of this talk is not just to lay out the features available to secure your data, but also to give an idea of when to leverage these features, and how best to implement it. This session will also cover some of the upcoming security features in Postgres 11, and a few gotchas with the existing features This talk will cover the various features that Postgres provides for data security, from the very basic to the most advanced. While most applications are aware of the minimum basic security features and use them, there is often a lack of understanding about how best to manage them, especially with major security features being released with every major version of Postgres. As for advanced features, sadly most of them go unnoticed and unused in most cases. The topics that will be covered are: Host Based Authentication in Postgres, types of authentications available, and how this differs from the way other RDBMS manage users and authentications, especially MySQL. Peculiarities of Postgres in permissions and ACL. Setting up and using SSL/TLS for connections and certificate management Row-level security Event triggers Implementing PCI security standards for storing credit card data. Using appropriate filesystem permissions Encrypting your data stored in Postgres Implementing table level auditing with minimal storage requirements within the database, and other alternatives for auditing. Reviewing and rejecting SQL injections Other PostgreSQL security features Tips to leverage additional tools in the cloud if you are using postgres as a service (E.g. PostgreSQL RDS by AWS) Upcoming security features in Postgres 11 Features that Postgres currently lacks, and gotchas in existing features. The speaker will also discuss recommended monitoring to ensure security implementations set up are working as intended, especially with PCI. The primary intent of this talk is to spread information about security features in Postgres, and the right way to implement them. There seems to be a lot of comparisons between security features of various RDBMS, but few would disagree with the view that the best way to decide the right one to use is by thorough knowledge of what each provides. And this talk aims to do just that for Postgres and data security.