CHAPTER 26

Securing PostgreSQL

The following steps should be taken to ensure a secure PostgreSQL deployment:

  1. Make entries in the pg_hba.conf file as restrictive as possible. PostgreSQL installs with network access disabled by default. Most deployment scenarios require it to be accessible remotely. The pg_hba.conf should be written according to the following considerations:
    • Specify individual hosts as opposed to network ranges (or worse still, all hosts) unless it is a reject rule.
    • Make use of specific reject rules (placed at the top of the list of rules) to always prevent access from certain network ranges to specific databases.
    • Enforce SSL; this is discussed in more detail in Step 2.
    • Use specific username-database name pairs as an extra layer of access control.
    • Do not use weak authentication types such as trust, password, or ident. Use md5 in place of crypt.
  2. Enable SSL and use client certificates.
    • SSL should be enforced via the pg_hba.conf rules. You can find additional information in the PostgreSQL documentation, under “Secure TCP/IP Connections with SSL.”
    • Alternatively, Stunnel can be used to create a secure tunnel. Stunnel is a small application that acts as an SSL wrapper, and it is simple to configure it to use client certificates. You can download Stunnel from http://www.stunnel.org.
    • You can find a how-to that describes using PostgreSQL with Stunnel at http://cfm.gs.washington.edu/~adioso/HOWTO/PostgreSQL/StunnelPostgreSQL.xml.
  3. Run on a single user system.
    • PostgreSQL was designed ...
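
The pg_hba.conf considerations in Steps 1 and 2 can be checked mechanically. The following Python sketch is an added example, not code from the book or from the PostgreSQL project; it assumes rules use the CIDR address form, and the sample file, database names and role names are constructed for illustration.

```python
import ipaddress

WEAK_METHODS = {"trust", "password", "ident", "crypt"}  # methods the checklist rules out

# Constructed sample: documentation-range addresses, made-up database and role names.
SAMPLE = """\
# TYPE   DATABASE  USER     ADDRESS          METHOD
hostssl  payroll   hr_app   192.0.2.10/32    md5
host     all       all      0.0.0.0/0        trust
host     payroll   all      198.51.100.0/24  reject
hostssl  reports   analyst  192.0.2.0/24     password
"""

def audit_pg_hba(text):
    """Return (line_number, message) findings for network rules in pg_hba.conf text."""
    findings, seen_allow = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank lines, comments, local-socket rules: out of scope here
        conn, db, user, addr, method = fields[:5]
        if method == "reject":
            if seen_allow:  # rules are matched top-down, first match wins
                findings.append((n, "reject rule sits below an allow rule"))
            continue
        seen_allow = True
        try:
            single_host = ipaddress.ip_network(addr, strict=False).num_addresses == 1
        except ValueError:
            single_host = False  # not a CIDR address at all
        if conn != "hostssl":
            findings.append((n, "SSL not enforced; use hostssl"))
        if not single_host:
            findings.append((n, "address is not a single host"))
        if "all" in (db, user):
            findings.append((n, "use a specific username-database pair"))
        if method in WEAK_METHODS:
            findings.append((n, "weak authentication method: " + method))
    return findings

if __name__ == "__main__":
    for n, msg in audit_pg_hba(SAMPLE):
        print(f"line {n}: {msg}")
```

Only the first rule in the sample passes cleanly; the reject rule on line 4 is flagged because it sits below rules that already allow access.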

Get The Database Hacker's Handbook: Defending Database Servers now with the O’Reilly learning platform.
