Keith offers a high level review of the vectors of attack on databases and database encryption types including Data-At-Rest, Data-In-Transit, and Data-In-Use.
Risk management for Postgres. A guide to changing application user permissions so they can't delete your production database.
A guide on securing the pgBackRest user for high-security Postgres environments.
Committed to securing Postgres deployments, Crunchy Data is proud to announce this newly published CIS PostgreSQL 14 Benchmark.
Review some important security topics for databases on Kubernetes like running as an unprivileged user, data encryption, and regular software updates.
This post provides a framework for thinking through how you can confront "security questions" as you embark on your Postgres journey.
Crunchy Data has recently announced an update to the CIS PostgreSQL Benchmark by the Center for Internet Security, a nonprofit organization that provides publications around standards and best practices for securing technologies systems.
How can you get PostgreSQL to use FIPS 140-2 crypto? The answer, to some extent, depends on how rigorously you need to be able to prove your answer. If the proof required is more than a casual check, the process is not well documented as far as I can tell. Therefore I will attempt to address that deficiency here.
Secure communication for your Postgres clusters in Kubernetes by deploying them with TLS. Learn about the different TLS modes that PostgreSQL offers!
Crunchy Data is pleased to announce the publication of the Crunchy Data PostgreSQL Security Technical Implementation Guide (STIG) by the United States Defense Information Systems Agency (DISA). PostgreSQL was the first open source database to provide a published STIG, and Crunchy Data is proud to update and improve the STIG as PostgreSQL continues to advance and evolve.
Learn how pgBouncer uses SCRAM authentication for PostgreSQL!
pgBouncer is a commonly deployed and recommended connection pooler for PostgreSQL and supports a number of authentication methods including TLS/SSL client certificate authentication.
The CIS PostgreSQL 12 Benchmark continues to build upon previous versions and Crunchy Data’s efforts with the PostgreSQL Security Technical Implementation Guide.
Learn how to set up PostgreSQL certificate-based authentication with a simple Docker container recipe.
A how to guide for upgrading your PostgreSQL passwords to use SCRAM (SCRAM-SHA-256) for authentication instead of MD5.
Learn how to use the CIS Benchmark for PostgreSQL 11 to secure your PostgreSQL and automate the security verification process.
CVE-2018-1058 discusses how a PostgreSQL user can create trojans with unexpected results. Learn how to prevent this along with other security concepts.
Explore how the PostgreSQL extension crunchy_check_access helps you to understand default PostgreSQL security settings and how it impacts your users.
The PostgreSQL Global Development Group provided an out-of-cycle update release for all supported to provide a fix for the CVE-2019-10164 vulnerability. This vulnerability only affects people running PostgreSQL 10, 11 or the 12 beta, and it is effectively remediated by simply upgrading all of your PostgreSQL installations to the latest versions.
Crunchy Data recently announced an update to the CIS PostgreSQL Benchmark for PostgreSQL 10. This newly published CIS PostgreSQL 10 Benchmark joins the existing CIS Benchmarks for PostgreSQL 9.5 and 9.6 while building on our efforts with the PostgreSQL Security Technical Implementation Guide (STIG).