safe data is happy data
![Page 1: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/1.jpg)
Safe Data is Happy Data
Josh Berkus
PostgreSQL Core Team
OSCON 2008
![Page 2: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/2.jpg)
Why should application developers care about database security?
![Page 3: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/3.jpg)
“I don't need to know”
“Our network security will take care of it.”
“I applied all the web server and PHP patches.”
“Security belongs in the application layer.”
“Database security slows development.”
“Nobody will hack my website. We run Linux.”
![Page 4: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/4.jpg)
![Page 5: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/5.jpg)
![Page 6: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/6.jpg)
![Page 7: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/7.jpg)
microsoft
![Page 8: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/8.jpg)
nokia
![Page 9: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/9.jpg)
government agencies
![Page 10: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/10.jpg)
the U.N.
![Page 11: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/11.jpg)
political parties
![Page 12: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/12.jpg)
![Page 13: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/13.jpg)
![Page 14: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/14.jpg)
![Page 15: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/15.jpg)
The cost of unsafe data
Contacting 19 000 customers: $380 000
Paying for credit reports for 19 000 customers: $931 000
Shipping stolen merchandise: $4 600 000
Lost customer goodwill and reputation as an insecure & careless company: Priceless!
![Page 16: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/16.jpg)
How do you make your data safe?
![Page 17: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/17.jpg)
security != control
![Page 18: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/18.jpg)
![Page 19: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/19.jpg)
How do you make your data safe?
![Page 20: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/20.jpg)
perimeter-only security
[diagram labels: webserver, router, database server; firewall; anti-DOS; open, open; secure]
![Page 21: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/21.jpg)
![Page 22: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/22.jpg)
![Page 23: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/23.jpg)
perimeter-only security
[diagram labels: webserver, router, database server; firewall; anti-DOS; open, open; secure, insecure]
![Page 24: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/24.jpg)
![Page 25: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/25.jpg)
![Page 26: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/26.jpg)
![Page 27: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/27.jpg)
![Page 28: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/28.jpg)
You need multilayer security!
[diagram labels: webserver, router, database server; firewall; anti-DOS; restricted; secure; updates; tripwire; abstraction; permissions; restricted; audit]
![Page 29: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/29.jpg)
Your database engine can help.
[diagram labels: webserver, router, database server; firewall; anti-DOS; restricted; secure; updates; tripwire; abstraction; permissions; restricted; audit]
![Page 30: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/30.jpg)
threat model
Four primary threat vectors to your data:
1. SQL injection
2. direct connection
3. webserver compromise
4. staff access
![Page 31: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/31.jpg)
database tools
1. access control
2. authentication
3. ROLEs & permissions
4. data abstraction
   VIEWs
   stored procedures
5. data auditing
   logs
   table auditing
6. advanced security frameworks
![Page 32: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/32.jpg)
access control
Goal: Use database access control lists to prevent connections from anywhere but specified networks.
[diagram labels: webserver, database server]
![Page 33: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/33.jpg)
pg_hba.conf
TYPE     DATABASE  USER       CIDR-ADDRESS    METHOD
local    all       postgres                   ident
host     all       postgres   127.0.0.1/32    ident
local    all       all                        md5
host     all       all        127.0.0.1/32    md5
hostssl  webapp    +webusers  192.168.2.0/24  md5
host     all       +admins    10.2.0.0/16     krb5
host     all       all        0.0.0.0/0       reject
![Page 34: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/34.jpg)
mysql users table
User     host          ssl_type
-- superuser
root     127.0.0.1
-- anonymous user, matches everyone
         localhost
         127.0.0.1
-- SSL webapp
webapp   129.168.2.*   ANY
-- mysql doesn't support kerberos
admins   10.2.*
![Page 35: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/35.jpg)
authentication
Goal: prevent privilege escalation on connections to the database.
psql -U postgres -h masterserver -c "update users set password = 'haxx0r' where login = 'administrator'"
![Page 36: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/36.jpg)
authentication methods
ident: host OS responsible for security
  good for: administrative tasks
  bad for: external users
md5: hashed passwords
  good for: most things
  bad for: embed password in the app.
krb5 / gss / ldap: identity checked against authentication servers
  good for: everything
  bad for: lots of troubleshooting
![Page 37: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/37.jpg)
pg_hba.conf
TYPE     DATABASE  USER       CIDR-ADDRESS    METHOD
local    all       postgres                   ident
host     all       postgres   127.0.0.1/32    ident
local    all       all                        md5
host     all       all        127.0.0.1/32    md5
hostssl  webapp    +webusers  192.168.2.0/24  md5
host     all       +admins    10.2.0.0/16     krb5
host     all       all        0.0.0.0/0       reject
![Page 38: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/38.jpg)
ROLEs & privileges
Goal: prevent authenticated low-level users from modifying or accessing restricted data.
SELECT FROM users;
UPDATE users;
![Page 39: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/39.jpg)
ROLEs
ROLEs ~~ users and groups.
some roles can log in (“users”)
roles can be members of multiple other roles
use SET ROLE to change ROLE context
[diagram labels: admins; claudio, felipe; users; dataentry, readonly; guest, wei-chen, leo]
![Page 40: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/40.jpg)
privileges
All database objects have privileges, specific to their type:
  tables: SELECT, INSERT, UPDATE, DELETE
  schema: USAGE, CREATE
  function: EXECUTE
  database: CONNECT, TEMP, CREATE
Privileges can be used to “lock down” data for low-level users.
![Page 41: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/41.jpg)
using ROLEs & privileges example
basic web application
roles:
  admins: claudio, felipe
  webusers: member, guest
schema admin: users, rights, settings
schema members: profiles, messages
schema cms: pages, templates
![Page 42: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/42.jpg)
using ROLEs & privileges example
admin: modify anything
roles:
  admins: claudio, felipe
  webusers: member, guest
schema admin: users, rights, settings
schema members: profiles, messages
schema cms: pages, templates, comments
![Page 43: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/43.jpg)
using ROLEs & privileges example
webusers: connect, read cms
roles:
  admins: claudio, felipe
  webusers: member, guest
schema admin: users, rights, settings
schema members: profiles, messages
schema cms: pages, templates, comments
![Page 44: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/44.jpg)
using ROLEs & privileges example
members: read admin, write members
roles:
  admins: claudio, felipe
  webusers: member, guest
schema admin: users, rights, settings
schema members: profiles, messages
schema cms: pages, templates, comments
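The role and schema layout from the four example slides above, written out as PostgreSQL statements. This is an added example, not part of the original slides; the table columns, the reuse of the `webapp` database name from the pg_hba.conf slide, and PostgreSQL 9.5 or later (for `ASSERT`) are assumptions.

```sql
-- Added example. Assumes a superuser session on a scratch cluster, connected
-- to a database named "webapp". Everything runs in one transaction and is
-- rolled back at the end; change ROLLBACK to COMMIT to keep the result.
BEGIN;

-- Group roles carry privileges and cannot log in.
CREATE ROLE admins   NOLOGIN;
CREATE ROLE webusers NOLOGIN;

-- Login roles inherit from their group. Passwords are set separately.
CREATE ROLE claudio LOGIN IN ROLE admins;
CREATE ROLE felipe  LOGIN IN ROLE admins;
CREATE ROLE member  LOGIN IN ROLE webusers;
CREATE ROLE guest   LOGIN IN ROLE webusers;

CREATE SCHEMA admin;
CREATE SCHEMA members;
CREATE SCHEMA cms;

-- Column lists are invented for the example.
CREATE TABLE admin.users      (id serial PRIMARY KEY, email text NOT NULL);
CREATE TABLE admin.rights     (user_id int REFERENCES admin.users, permission text);
CREATE TABLE admin.settings   (name text PRIMARY KEY, value text);
CREATE TABLE members.profiles (user_id int REFERENCES admin.users, interests text);
CREATE TABLE members.messages (id serial PRIMARY KEY, sender int, body text);
CREATE TABLE cms.pages        (id serial PRIMARY KEY, title text, body text);
CREATE TABLE cms.templates    (id serial PRIMARY KEY, name text, markup text);
CREATE TABLE cms.comments     (id serial PRIMARY KEY, page_id int, body text);

-- Remove what PUBLIC gets by default, then grant per role.
REVOKE ALL ON DATABASE webapp FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- admins: modify anything
GRANT CONNECT, TEMP ON DATABASE webapp TO admins;
GRANT ALL ON SCHEMA admin, members, cms TO admins;
GRANT ALL ON ALL TABLES    IN SCHEMA admin, members, cms TO admins;
GRANT ALL ON ALL SEQUENCES IN SCHEMA admin, members, cms TO admins;

-- webusers: connect, read cms
GRANT CONNECT ON DATABASE webapp TO webusers;
GRANT USAGE  ON SCHEMA cms TO webusers;
GRANT SELECT ON ALL TABLES IN SCHEMA cms TO webusers;
-- Tables created later in cms by this role are covered too.
ALTER DEFAULT PRIVILEGES IN SCHEMA cms GRANT SELECT ON TABLES TO webusers;

-- members: read admin, write members
GRANT USAGE  ON SCHEMA admin, members TO member;
GRANT SELECT ON ALL TABLES IN SCHEMA admin TO member;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA members TO member;
GRANT USAGE  ON ALL SEQUENCES IN SCHEMA members TO member;

-- Check the resulting privilege matrix; any failed ASSERT aborts the script.
DO $check$
BEGIN
    ASSERT has_table_privilege('guest', 'cms.pages', 'SELECT');
    ASSERT NOT has_schema_privilege('guest', 'admin', 'USAGE');
    ASSERT NOT has_table_privilege('guest', 'members.profiles', 'SELECT');
    ASSERT has_table_privilege('member', 'admin.users', 'SELECT');
    ASSERT NOT has_table_privilege('member', 'admin.users', 'UPDATE');
    ASSERT has_table_privilege('member', 'members.profiles', 'UPDATE');
    ASSERT NOT has_table_privilege('member', 'cms.pages', 'INSERT');
    ASSERT has_table_privilege('claudio', 'admin.settings', 'DELETE');
END
$check$;

ROLLBACK;
```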
![Page 45: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/45.jpg)
use ROLE & permission management tools
![Page 46: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/46.jpg)
database abstraction
views
  a VIEW is a “stored query” with its own permissions
  limit access to specific rows or columns
stored procedures
  SECURITY DEFINER procedures allow controlled privilege escalation
  make sure to lock them down, though!
![Page 47: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/47.jpg)
don't allow access to base tables
[diagram labels: member; schema admin: rights, settings; schema members: profiles, messages; view: user_names; functions: login(), change_pw(); users]
![Page 48: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/48.jpg)
using abstraction: password checking
CREATE FUNCTION login (
    mailaddr TEXT,
    pwd TEXT,
    vip INET
) RETURNS login_type
LANGUAGE plpgsql VOLATILE STRICT SECURITY DEFINER
SET SEARCH_PATH = admin, members
AS $func$
DECLARE
    rtype login_type;
    vuser INT;
    vmail TEXT;
    vkey INT;
    vadmin BOOLEAN;
BEGIN
    -- this is the login procedure which is the only way to authenticate a new user.
    -- it checks the user's password, generates a passkey, deletes any old sessions
    -- and creates the new session
    SELECT id, (admin_info.user > 0) INTO vuser, vadmin
    FROM users
        JOIN user_passwords ON users.id = user_passwords.user
        LEFT OUTER JOIN admin_info ON users.id = admin_info.user
    -- compare against the mailaddr argument; vmail is not assigned at this point
    WHERE lower(email) = lower(mailaddr)
        AND permissions IS NOT NULL
        AND syshash_compare(pwd, "password");

    IF vuser > 0 THEN ...
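The "don't allow access to base tables" layout and the "lock them down" advice above, as a self-contained PostgreSQL script. This is an added example, not the author's code: the column names, the placement of the view and function in schema `members`, and the use of pgcrypto's `crypt()` in place of the slide's `syshash_compare()` are assumptions, and it needs PostgreSQL 9.5 or later with the pgcrypto contrib module available.

```sql
-- Added example. Assumes a superuser session in a scratch database where
-- pgcrypto is not yet installed. Rolled back at the end.
BEGIN;

CREATE ROLE member NOLOGIN;     -- stands in for the slides' "member" role
CREATE SCHEMA admin;            -- base tables; member gets no access here
CREATE SCHEMA members;          -- the only schema member may use
CREATE EXTENSION pgcrypto SCHEMA admin;   -- provides crypt() and gen_salt()

CREATE TABLE admin.users (
    id      serial PRIMARY KEY,
    name    text NOT NULL,
    email   text NOT NULL UNIQUE,
    pw_hash text NOT NULL
);

-- Constructed sample row.
INSERT INTO admin.users (name, email, pw_hash)
VALUES ('josh', 'josh@example.com',
        admin.crypt('old-secret', admin.gen_salt('bf')));

-- VIEW: exposes only the non-sensitive columns. Access to admin.users is
-- checked against the view owner, so member needs no rights on the table.
CREATE VIEW members.user_names AS
    SELECT id, name FROM admin.users;

-- SECURITY DEFINER: runs with the owner's rights, so it must validate its
-- caller's claim (the old password) and pin its own search_path. Listing
-- pg_temp last keeps temporary tables from shadowing admin.users.
CREATE FUNCTION members.change_pw(mailaddr text, old_pwd text, new_pwd text)
RETURNS boolean
LANGUAGE plpgsql VOLATILE STRICT SECURITY DEFINER
SET search_path = admin, pg_temp
AS $func$
BEGIN
    UPDATE users
       SET pw_hash = crypt(new_pwd, gen_salt('bf'))
     WHERE lower(email) = lower(mailaddr)
       AND pw_hash = crypt(old_pwd, pw_hash);
    RETURN FOUND;
END;
$func$;

-- Lock it down: new functions are executable by PUBLIC until revoked.
REVOKE ALL ON FUNCTION members.change_pw(text, text, text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION members.change_pw(text, text, text) TO member;
GRANT USAGE  ON SCHEMA members TO member;
GRANT SELECT ON members.user_names TO member;

-- Exercise the layout as the low-privilege role.
SET LOCAL ROLE member;
DO $check$
DECLARE
    denied boolean := false;
BEGIN
    ASSERT (SELECT count(*) FROM members.user_names) = 1;
    ASSERT NOT members.change_pw('josh@example.com', 'wrong-guess', 'ignored');
    ASSERT members.change_pw('josh@example.com', 'old-secret', 'new-secret');
    BEGIN
        PERFORM 1 FROM admin.users;          -- direct base-table access
    EXCEPTION WHEN insufficient_privilege THEN
        denied := true;
    END;
    ASSERT denied;
END
$check$;
RESET ROLE;

ROLLBACK;
```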
![Page 49: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/49.jpg)
What do you do if they get in anyway?
sometimes your other measures fail
  exploits
  loopholes
  misconfiguration
sometimes the bad guys have legitimate access
  users
  staff
  sysadmins
![Page 50: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/50.jpg)
database auditing
Goal: know what happened after it happened, and be able to restore your data without searching backup tapes.
![Page 51: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/51.jpg)
auditing: logs
dozens of log options
  users
  connections
  queries run
  errors
the log can help you analyze a break-in
  maybe even tell you what was stolen
![Page 52: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/52.jpg)
secure your logs
best way to find “DBA corruption”
make sure that not even the admins can erase/alter all copies
make sure few people can change postgresql.conf
use a secured log server
  “syslog” is good for this
make a plan for secure log archiving
![Page 53: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/53.jpg)
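postgresql.conf
log_destination = 'syslog'
# placeholder value; PostgreSQL accepts LOCAL0 through LOCAL7 here
syslog_facility = 'LOGSERVER'
syslog_ident = 'postgres_1'
log_connections = on
log_disconnections = on
# alternatives; keep only one (if several are present, the last one wins)
log_statement = 'all'
log_statement = 'mod'
log_statement = 'ddl'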
![Page 54: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/54.jpg)
mysql
#start mysql with the query log
mysqladmin --log start
#how to write the logs to another server
#is up to you
#maybe hack mysql_log_rotate?
![Page 55: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/55.jpg)
data auditing
[diagram labels: member; schema members: profiles; schema audit_members: profiles]
![Page 56: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/56.jpg)
data auditing
[diagram labels: member; schema members: profiles; schema audit_members: profiles; UPDATE or DELETE]
![Page 57: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/57.jpg)
data auditing
[diagram labels: member; schema members: profiles; schema audit_members: profiles; UPDATE or DELETE; INSERT old data]
![Page 58: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/58.jpg)
data auditing
table members.profiles
member | interests
josh   | pottery, cooking

table audit_members.profiles
member | interests | changed | change_by
josh   | gaming    | 5/23/01 | claudio
josh   | pottery   | 3/24/08 | felipe
![Page 59: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/59.jpg)
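data auditing
CREATE FUNCTION audit.trail_companies ()
RETURNS TRIGGER
LANGUAGE plpgsql SECURITY DEFINER
SET SEARCH_PATH = audit, main
AS $func$
BEGIN
    -- copy the row as it was before the change, with a timestamp and the login role.
    -- SESSION_USER, because inside a SECURITY DEFINER function CURRENT_USER is the function owner.
    -- main.companies is qualified, because audit comes first in the search path.
    INSERT INTO audit.companies
    SELECT *, now(), SESSION_USER FROM main.companies WHERE id = OLD.id;

    IF TG_OP = 'DELETE' THEN
        RETURN OLD;
    ELSIF TG_OP = 'UPDATE' THEN
        NEW.mod_date = now();
        RETURN NEW;
    END IF;
END;
$func$;

CREATE TRIGGER tg_companies
BEFORE UPDATE OR DELETE ON companies
FOR EACH ROW EXECUTE PROCEDURE audit.trail_companies();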
![Page 60: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/60.jpg)
xtreme security: multilevel
![Page 61: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/61.jpg)
xtreme security: SE Postgres
![Page 62: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/62.jpg)
data safe & happy?
access restricted
authenticated
privileged
abstracted
audited
... happy!
![Page 63: Safe Data is Happy Data](https://reader034.vdocument.in/reader034/viewer/2022042601/5495b0edac79592f2e8b4efc/html5/thumbnails/63.jpg)
contact
Josh Berkus
blogs.ittoolbox.com/database/soup
www.powerpostgresql.com
PostgreSQL: www.postgresql.org
SEPostgres: http://code.google.com/p/sepgsql
Copyright 2008 Josh Berkus, distributable under the creative commons attribution license
Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples.