plaintext
4 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
local all postgres peer
hostssl app_production app_user 10.0.0.0/16 scram-sha-256
hostssl app_production reporting_user 10.0.1.0/24 scram-sha-256
host all all 0.0.0.0/0 reject
1 file · plaintext
Explain with highlit
Database hardening starts with connection control and role hygiene. I separate app, migration, reporting, and admin roles so compromise impact is constrained. The default question is not what permissions are convenient, but which ones are actually necessary.
Share this code
Here's the card — post it anywhere.