PostgreSQL hardening with pg_hba and strict role separation

10573 views

                  local   all             postgres                                peer
hostssl app_production  app_user        10.0.0.0/16             scram-sha-256
hostssl app_production  reporting_user  10.0.1.0/24             scram-sha-256
host    all             all             0.0.0.0/0               reject

Database hardening starts with connection control and role hygiene. I separate app, migration, reporting, and admin roles so compromise impact is constrained. The default question is not what permissions are convenient, but which ones are actually necessary.

Kai Nakamura

More from Kai Nakamura

PostgreSQL hardening with pg_hba and strict role separation

0 Comments

More from Kai Nakamura