Another feature of EDB Postgres Advanced Server 11, SQL injection attack prevention blocks corruption or co-opting of a database, including unauthorized relations, utility commands, SQL tautology, and unbounded DML.
(through native Linux or
If a data center is not physically protected, all other data security measures become significantly less valuable.
DB Server Network Access
(Operating System controls)
A new feature in EDB Postgres Advanced Server 11, data redaction shields certain data elements, like Social Security numbers, from certain types of users.
Encryption in Transit
and Host Authentication
Users must be granted permissions to view and work with data in the database. Privileges should be granted only as needed for a user to perform a job. Shared or group login credentials should be avoided. The principle of least privilege should be applied.
All data — including passwords and usernames — are encrypted on the network. Certificates make sure the user communicates with the intended host machine.
Key Management System
Securing access at the host-level ensures no users have unfettered access to the
EDB Postgres Advanced Server’s auditing capabilities make it possible for database administrators, auditors, and operators to track and analyze database activities, like the creation, changing, or deletion of data, so you can closely monitor what those with permissions are doing. EDB recommends auditing based on user connections, DDL changes, data changes, and data views.
Database Authorization and Access Control
Encrypting the file system protects the files on the drive if the drive is stolen. Third-party solutions can also leverage third-party key management systems
(locks on doors, cameras, etc.)
Through Postgres’s pg_hba.conf, connections to the database server can be controlled and limited.
SQL Injection Attack Prevention
If a user gets past file system encryption, they can access a database that’s been logged into. Encrypting data at the column level keeps the database information secure.
Users can be authenticated using passwords, LDAP, Kerberos, certificates, or operating system credentials. Database authentication should be tied to overall user management to make sure access credentials get revoked when users leave the business or cease to be customers.
File System Encryption