Introduction to Database Security

Over the last few months, I’ve been fortunate to give a couple of talks on PostgreSQL security. While the quality of these talks was limited by my own understanding of the PostgreSQL ecosystem, I also noticed two recurring challenges that prevented my attendees (primarily software engineers) from getting the most out of them:

  • Scope: There are many more topics than a 40 minute talk, or even a 3 hour workshop, could adequately cover.
  • Background: Not everyone has a background in security. While I’ve always started with an introduction to core security principles, it’s still challenging to ensure everyone is on the same page.

I’m writing this series to bridge these gaps and provide a better learning path. The first two articles introduce security principles and the challenges of securing databases. The remaining articles are a deep dive into database security. While the principles are broadly applicable, I will be using PostgreSQL throughout.

While I plan to write a separate, in-depth introduction to security for software engineers, for now these first two posts should give you the foundation you need to get started. Reflecting on my talks, I could’ve done better. I hope this series explains database security better than I did on stage.

Articles in this Series

  • [Todo] Security Primer

    A concise primer on core information security principles and cryptography for software engineers

  • [Todo] Typical DB Architecture and Threat Model

    High-level look at database architecture, the relevant threat model and identifying typical associated risks.

  • [Todo] Authentication in PostgreSQL

    A guide to PostgreSQL authentication methods, their potential risks and best practices.

  • [Todo] Authorization in PostgreSQL

    Overview of access control mechanisms in PostgreSQL: roles, privileges and Row Level Security (RLS)

  • [Todo] Accounting in PostgreSQL

    Tracking critical database activity in PostgreSQL: essential logging configurations, auditing tools, and best practices for security monitoring and compliance.

  • [Todo] Other Risks in PostgreSQL

    Hardening PostgreSQL against network, infrastructure and application-level risks.