Security

PostgreSQL supports a rich set of security features to provide fine-grained control and tracking of who can connect and who did what on the database server.

Connection Authorization - Pg_hba

PostgreSQL host based authentication (HBA) is a security feature that uses a configuration file to allow or disallow connections to the Postgres server. The file contains records of the database, user, and IP address. Using HBA, you can control which clients (IP addresses) and users can connect to which databases - with as strict or loose settings as you want. Find more information on host based authentication here.

Auditing Data Changes - PGAudit

PGAudit is an open source, advanced security PostgreSQL extension designed for analyzing how a database is used. PGAudit produces a detailed record of sessions and objects within a PostgreSQL database that can be used to satisfy data change audits in financial, healthcare, or standards based certification processes. Find documentation on PGAudit configuration and examples here.

Best Practices - Security Hardening

There are a number of ways to strengthen security within the PostgreSQL database configuration. There are standard procedures to regulate role-based control, authentication, data layout and database hosts for PostgreSQL security purposes. Find more documentation on PostgreSQL security hardening here.