A default PostgreSQL installation can be dangerously permissive. While DBAs are diligent about setting roles, policies and privileges, true database security extends far beyond GRANT. This talk dives into critical, often-overlooked configurations and attack vectors to harden your database. It is a practical, two-part guide for engineers and DBAs ready to move beyond the basics.
The first part, “Bare Minimums”, is a hands-on exploration of hardening the database server itself. We start with initdb, enforce encrypted connections using hostssl, prevent password leakage in logs and configure meaningful audit trails.
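As an added illustration of the hostssl point above (example code written for this page, not material from the talk), here is a small defensive lint that reads a pg_hba.conf and flags network rules that do not require TLS or that use a weak authentication method. It assumes CIDR notation for the ADDRESS column; the sample pg_hba.conf at the bottom is constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the talk: a defensive lint for pg_hba.conf that
# flags the two "Bare Minimums" issues named in the abstract. Reads pg_hba.conf
# on stdin, prints one finding per rule and exits 1 if anything was flagged.
# Assumes CIDR notation (addr/mask as one field) for network rules.
audit_pg_hba() {
    lineno=0
    findings=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case "$line" in ''|\#*) continue ;; esac   # skip blanks and comments
        set -f                                     # no globbing during split
        set -- $line
        set +f
        conn_type=$1
        case "$conn_type" in
            local)                   method=$4 ;;  # TYPE DATABASE USER METHOD
            host|hostssl|hostnossl)  method=$5 ;;  # ... ADDRESS METHOD
            *)                       continue ;;   # other types out of scope
        esac
        reasons=""
        # Network rules that do not require TLS: "host" also accepts plaintext
        # connections, "hostnossl" forbids TLS. Only "hostssl" enforces it.
        case "$conn_type" in
            host|hostnossl) reasons="not TLS-only (use hostssl)" ;;
        esac
        # Authentication methods to avoid: trust needs no credentials at all,
        # password sends the secret in clear text, md5 is the legacy hash.
        case "$method" in
            trust|password|md5)
                reasons="${reasons:+$reasons; }weak method '$method' (use scram-sha-256 or cert)" ;;
        esac
        if [ -n "$reasons" ]; then
            findings=$((findings + 1))
            printf 'line %d (%s): %s\n' "$lineno" "$conn_type" "$reasons"
        fi
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample pg_hba.conf for demonstration (not a real deployment).
SAMPLE_HBA='# TYPE     DATABASE  USER  ADDRESS         METHOD
local      all       all                   peer
hostssl    all       all   10.0.0.0/8      scram-sha-256
host       all       all   10.0.0.0/8      md5
host       all       all   0.0.0.0/0       trust
hostnossl  all       all   192.168.1.0/24  scram-sha-256'

printf '%s\n' "$SAMPLE_HBA" | audit_pg_hba || echo "pg_hba.conf needs hardening"
```

Run against a real file with `audit_pg_hba < /path/to/pg_hba.conf`; a clean file produces no output and exit status 0.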
The second part, “When ‘Best’ isn’t enough”, explores the reality that a “perfectly configured” database is not always perfectly secure. It shows how application-level vulnerabilities like SQL injection or network-level attacks like ARP spoofing can bypass your security controls, potentially compromising your data.
You will leave this talk with a checklist of hardening techniques and a broader security mindset to defend PostgreSQL instances against threats.