Paul Ramsey
Paul Ramsey
With PostGIS 3.0, it is now possible to generate GeoJSON features directly without any intermediate code, using the new function. The GeoJSON format is a common transport format, between servers and web clients, and even between components of processing chains. Being able to create useful GeoJSON is important for integrating different parts in a modern geoprocessing application. PostGIS has had an for forever, but it does slightly less than most users really need: it takes in a PostGIS geo...
Read MoreJonathan S. Katz
Jonathan S. Katz
One of the reasons that PostgreSQL supports many authentication methods is to help ensure that it can work with multiple external identity management providers. While a lot of people are familiar with having PostgreSQL request a password for logging in, there are other ways to facilitate the management of user authentication depending on your deployment requirements. One method that can be used in larger enterprise environments is using certificates to authenticate between a PostgreSQL clien...
Read MoreAndrew L'Ecuyer
Andrew L'Ecuyer
The Crunchy PostgreSQL Operator supports various forms of storage for provisioning PostgreSQL clusters in a Kubernetes environment. One such provider is Rook , which provides an abstract layer around multiple storage systems available in Kubernetes, which makes it even more convenient to choose between multiple storage engines. One storage engine that Rook supports is Ceph , which provides several types of distributed storage platforms including block-level storage, which is very helpful f...
Read MoreJonathan S. Katz
Jonathan S. Katz
In a lot of PostgreSQL environments, it’s common practice to protect user accounts with a password. Starting with PostgreSQL 10, the way PostgreSQL manages password-based authentication got a major upgrade with the introduction of SCRAM authentication , a well-defined standard that is a significant improvement over the current system in PostgreSQL. What’s better is that almost all PostgreSQL drivers now support this new method of password authentication, which should help drive further adop...
Read MorePaul Ramsey
Paul Ramsey
One of the most popular features of PostGIS 2.5 was the introduction of the "vector tile" output format, via the ST_AsMVT() function. Vector tiles are a transport format for efficiently sending map data from a server to a client for rendering. The vector tile specification describes how raw data are quantized to a grid and then compressed using delta-encoding to make a very small package. Prior to ST_AsMVT() , if you wanted to produce vector tiles from PostGIS you would use a rendering prog...
Read MoreDouglas Hunley
Douglas Hunley
Crunchy Data has recently announced an update to the CIS PostgreSQL Benchmark by the Center for Internet Security , a nonprofit organization that provides publications around standards and best practices for securing technologies systems. This newly published CIS PostgreSQL 11 Benchmark joins the existing CIS Benchmarks for PostgreSQL 9.5 , 9.6 , and 10 while continuing to build upon Crunchy Data's efforts with the PostgreSQL Security Technical Implementation Guide (PostgreSQL STIG )....
Read MoreJoe Conway
Joe Conway
In Part 1 of this blog, we covered quite a bit of information with respect to how a PostgreSQL database is initially configured by default from the perspective of discretionary access control. We also saw how to inspect those default behaviors using the crunchy_check_access extension. In Part 2, we will explore the situation identified in CVE-2018-1058 and discuss how to protect yourself. Finally we have come to the Pièce De Résistance! CVE-2018-1058 describes how a user can create object...
Read MoreJoe Conway
Joe Conway
Recently I gave a "deep dive" talk on the topic of PostgreSQL security, and I wanted to capture one part of that content into a blog since this format is both better for making that content stand on its own and for expanding on it a bit. Specifically, in this two-part blog, we will cover a PostgreSQL extension that I wrote called crunchy_check_access -- the motivation behind it and what it does -- and then use that extension to probe and understand the consequences of the default, out of the...
Read MoreJonathan S. Katz
Jonathan S. Katz
The PostgreSQL Global Development Group provided an out-of-cycle update release for all supported to provide a fix for the CVE-2019-10164 vulnerability. This vulnerability only affects people running PostgreSQL 10, 11 or the 12 beta, and it is effectively remediated by simply upgrading all of your PostgreSQL installations to the latest versions. What follows is some more insight about what this vulnerability is, the impact it can have in your environment, how to ensure you have patched all of...
Read MorePatrick McLaughlin
Patrick McLaughlin
The Crunchy PostgreSQL Operator 4.0 provides an open source PostgreSQL-as-a-Service for Kubernetes platform. This post provides some easy steps to help you get started, specifically deploying the Crunchy PostgreSQL Operator in Google Kubernetes Engine ( GKE ) making use of the Crunchy PostgreSQL Operator Ansible Installer . The Crunchy PostgreSQL Operator 4.0 provides Ansible playbooks to automate the installation. These Ansible playbooks allow users to deploy the operator to a variety o...
Read More