10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
“I dont need to       know”“Our network security will takecare of it.”“I applied all the web server andPHP patches.”“Secur...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
nokia
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
The cost ofunsafe dataContacting 19 000 customers:$380 000Paying for credit reports for 19000 customers:$931 000Shipping s...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
perimeter-only   security                                     anti-DOS                                           firewall ...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
perimeter-only   security                                     anti-DOS                                           firewall ...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011...
You need multilayer      security!  permissions    tripwire              anti-DOS         abstraction    updates          ...
Your database        engine can help.  permissions    tripwire              anti-DOS         abstraction    updates       ...
threat model Four primary threat vectors to your data:1.SQL injection2.direct connection3.webserver compromise4.staff access
database tools1.access control2.authentication3.ROLEs & permissions4.data abstraction   VIEWs   stored procedures5.data au...
access controlGoal: Use database access controllists to prevent connections fromanywhere but specified networks.       dat...
pg_hba.confTYPE    DATABASE   USER        CIDR-ADDRESS     METHODlocal   all        postgres                     identhost...
mysql users tableUser   host          ssl_type-- superuserroot   127.0.0.1-- anonymous user, matches everyone   localhost ...
authenticationGoal: prevent privilege escalationon connections to the database.psql -U postgres -hmasterserver -c update u...
authentication        methodsident: host OS responsible forsecurity good for: administrative tasks bad for: external users...
pg_hba.confTYPE    DATABASE   USER        CIDR-ADDRESS     METHODlocal   all        postgres                     identhost...
ROLEs & privilegesGoal: prevent authenticated low-level users from modifying oraccessing restricted data.          SELECT ...
ROLEsROLEs ~~ users and groups.   some roles can log in (“users”)   roles can be members of multiple other   roles   use S...
privilegesAll database objects haveprivileges, specific to their type: tables: SELECT, INSERT, UPDATE, DELETE schema: USAG...
using ROLEs &privileges examplebasic web application      admins                           webusersclaudio        felipe  ...
using ROLEs &privileges exampleadmin: modify anything      admins                           webusersclaudio        felipe ...
using ROLEs &privileges examplewebusers: connect, read cms      admins                           webusersclaudio        fe...
using ROLEs &privileges examplemembers: read admin, write members      admins                           webusersclaudio   ...
use ROLE & perm-  ission manage-    ment   tools
database        abstractionviews a VIEW is a “stored query” with its own permissions limit access to specific rows or colu...
dont allow access  to base tablesschema admin     schema      member                 members rights settings       profile...
using abstraction:      password checkingCREATE FUNCTION login (   mailaddr TEXT, pwd TEXT, vip INET) RETURNS login_typeLA...
What do you do ifthey get in anyway?sometimes your other measures fail exploits loopholes misconfigurationsometimes the ba...
database auditingGoal: know what happened after ithappened, and be able to restoreyour data without searching backuptapes.
auditing: logsdozens of log options users connections queries run errorsthe log can help you analyze abreak-in maybe even ...
secure your logsbest way to find “DBA corruption” make sure that not even the admins can erase/alter all copies make sure ...
postgresql.conflog_destination = syslogsyslog_facility = LOGSERVERsyslog_ident = postgres_1log_connections = onlog_disconn...
mysql#start mysql with the query logmysqladmin --log start#how to write the logs to another server#is up to you#maybe hack...
data auditingmember            schema        schema            members    audit_members            profiles     profiles
data auditingmember            schema        schema            members    audit_membersUPDATEor          profiles     prof...
data auditingmember            schema        schema            members    audit_membersUPDATEor          profiles     prof...
data auditingtable members.profiles member | interests   josh | pottery, cookingtable audit_members.profiles member | inte...
data auditingCREATE FUNCTION audit.trail_companies ()RETURNS TRIGGERLANGUAGE plpgsql SECURITY DEFINER SET SEARCH_PATH = au...
xtreme security:   multilevel
xtreme security:   SE Postgres
data safe & happy?access restrictedauthenticatedprivilegedabstractedaudited... happy!
contactJosh Berkus josh@postgresql.org blogs.ittoolbox.com/database/soup www.powerpostgresql.comPostgreSQL www.postgresql....
Safe Data is Happy Data
Safe Data is Happy Data
Upcoming SlideShare
Loading in …5
×

Safe Data is Happy Data

7,695 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
7,695
On SlideShare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Safe Data is Happy Data

  1. 1. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000 Safe Data011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000 is111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001 Happy Data11000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110 Josh Berkus1001001001001000011100010101010101110011010101010101000011010010010010010000111 PostgreSQL Core Team0001010101010111001101010101010100001101001001001001000011100010101010101110011 OSCON 200801010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  2. 2. 101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010 Why should111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101 application110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011 developers100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111 care00110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000 about database111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001 security?110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  3. 3. “I dont need to know”“Our network security will takecare of it.”“I applied all the web server andPHP patches.”“Security belongs in theapplication layer.”“Database security slowsdevelopment.”“Nobody will hack my website. Werun Linux.”
  4. 4. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  5. 5. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  6. 6. 101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011 microsoft01010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  7. 7. nokia
  8. 8. 101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011 government agencies01010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  9. 9. 101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011 the U.N.01010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  10. 10. 101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011 political parties01010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  11. 11. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  12. 12. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  13. 13. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  14. 14. The cost ofunsafe dataContacting 19 000 customers:$380 000Paying for credit reports for 19000 customers:$931 000Shipping stolen merchandise:$4 600 000Lost customer goodwill andreputation as an insecure &careless company:Priceless!
  15. 15. 1011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100 How do you make001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000 your data safe?0110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  16. 16. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100 security != control001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  17. 17. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  18. 18. 1011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100 How do you make001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000 your data safe?0110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  19. 19. perimeter-only security anti-DOS firewall open opendatabase webserver router server secure
  20. 20. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  21. 21. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  22. 22. perimeter-only security anti-DOS firewall open opendatabase webserver router server insecure secure
  23. 23. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  24. 24. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  25. 25. 10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110
  26. 26. You need multilayer security! permissions tripwire anti-DOS abstraction updates firewall restricted restrictedaudit database webserver router server secure
  27. 27. Your database engine can help. permissions tripwire anti-DOS abstraction updates firewall restricted restrictedaudit database webserver router server secure
  28. 28. threat model Four primary threat vectors to your data:1.SQL injection2.direct connection3.webserver compromise4.staff access
  29. 29. database tools1.access control2.authentication3.ROLEs & permissions4.data abstraction VIEWs stored procedures5.data auditing logs table auditing6.advanced security frameworks
  30. 30. access controlGoal: Use database access controllists to prevent connections fromanywhere but specified networks. database webserver server
  31. 31. pg_hba.confTYPE DATABASE USER CIDR-ADDRESS METHODlocal all postgres identhost all postgres 127.0.0.1/32 identlocal all all md5host all all 127.0.0.1/32 md5hostssl webapp +webusers 192.168.2.0/24 md5host all +admins 10.2.0.0/16 krb5host all all 0.0.0.0/0 reject
  32. 32. mysql users tableUser host ssl_type-- superuserroot 127.0.0.1-- anonymous user, matches everyone localhost 127.0.0.1-- SSL webappwebapp 129.168.2.* ANY-- mysql doesnt support kerberosadmins 10.2.*
  33. 33. authenticationGoal: prevent privilege escalationon connections to the database.psql -U postgres -hmasterserver -c update usersset password = haxx0rwhere login = administrator
  34. 34. authentication methodsident: host OS responsible forsecurity good for: administrative tasks bad for: external usersmd5: hashed passwords good for: most things bad for: embed password in the app.krb5 / gss / ldap: identity checkedagainst authentication servers good for: everything bad for: lots of troubleshooting
  35. 35. pg_hba.confTYPE DATABASE USER CIDR-ADDRESS METHODlocal all postgres identhost all postgres 127.0.0.1/32 identlocal all all md5host all all 127.0.0.1/32 md5hostssl webapp +webusers 192.168.2.0/24 md5host all +admins 10.2.0.0/16 krb5host all all 0.0.0.0/0 reject
  36. 36. ROLEs & privilegesGoal: prevent authenticated low-level users from modifying oraccessing restricted data. SELECT FROM users; UPDATE users;
  37. 37. ROLEsROLEs ~~ users and groups. some roles can log in (“users”) roles can be members of multiple other roles use SET ROLE to change ROLE context users admins dataentry readonlyclaudio felipe leo wei-chen guest
  38. 38. privilegesAll database objects haveprivileges, specific to their type: tables: SELECT, INSERT, UPDATE, DELETE schema: USAGE, CREATE function: EXECUTE database: CONNECT, TEMP, CREATEPrivileges can be used to “lockdown” data for low-level users.
  39. 39. using ROLEs &privileges examplebasic web application admins webusersclaudio felipe member guestschema admin schema schema cms members users pages rights profiles templates settings messages
  40. 40. using ROLEs &privileges exampleadmin: modify anything admins webusersclaudio felipe member guestschema admin schema schema cms members users pages rights profiles templates settings messages comments
  41. 41. using ROLEs &privileges examplewebusers: connect, read cms admins webusersclaudio felipe member guestschema admin schema schema cms members users pages rights profiles templates settings messages comments
  42. 42. using ROLEs &privileges examplemembers: read admin, write members admins webusersclaudio felipe member guestschema admin schema schema cms members users pages rights profiles templates settings messages comments
  43. 43. use ROLE & perm- ission manage- ment tools
  44. 44. database abstractionviews a VIEW is a “stored query” with its own permissions limit access to specific rows or columnsstored procedures SECURITY DEFINER procedures allow controlled privilege escalation make sure to lock them down, though!
  45. 45. dont allow access to base tablesschema admin schema member members rights settings profiles messages view user_names users functions login() change_pw()
  46. 46. using abstraction: password checkingCREATE FUNCTION login ( mailaddr TEXT, pwd TEXT, vip INET) RETURNS login_typeLANGUAGE plpgsql VOLATILE STRICT SECURITY DEFINERSET SEARCH_PATH = admin, members;as $func$declare rtype login_type; vuser INT; vmail TEXT; vkey INT; vadmin BOOLEAN;begin --this is the login procedure which is the only way to authenticate a new user. --it checks the users password, generates a passkey, deletes any old sessions --and creates the new session select id, (admin_info.user > 0) into vuser, vadmin from users JOIN user_passwords ON users.id = user_passwords.user LEFT OUTER JOIN admin_info ON users.id = admin_info.user where lower(email) = lower(vmail) and permissions is not null and syshash_compare(pwd, "password"); IF vuser > 0 THEN ...
  47. 47. What do you do ifthey get in anyway?sometimes your other measures fail exploits loopholes misconfigurationsometimes the bad guys havelegitimate access users staff sysadmins
  48. 48. database auditingGoal: know what happened after ithappened, and be able to restoreyour data without searching backuptapes.
  49. 49. auditing: logsdozens of log options users connections queries run errorsthe log can help you analyze abreak-in maybe even tell you what was stolen
  50. 50. secure your logsbest way to find “DBA corruption” make sure that not even the admins can erase/alter all copies make sure few people can change postgresql.confuse a secured log server “syslog” is good for thismake a plan for secure logarchiving
  51. 51. postgresql.conflog_destination = syslogsyslog_facility = LOGSERVERsyslog_ident = postgres_1log_connections = onlog_disconnections = onlog_statement = alllog_statement = modlog_statement = ddl
  52. 52. mysql#start mysql with the query logmysqladmin --log start#how to write the logs to another server#is up to you#maybe hack mysql_log_rotate?
  53. 53. data auditingmember schema schema members audit_members profiles profiles
  54. 54. data auditingmember schema schema members audit_membersUPDATEor profiles profilesDELETE
  55. 55. data auditingmember schema schema members audit_membersUPDATEor profiles profilesDELETE INSERT old data
  56. 56. data auditingtable members.profiles member | interests josh | pottery, cookingtable audit_members.profiles member | interests | changed | change_by josh | gaming | 5/23/01 | claudio josh | pottery | 3/24/08 | felipe
  57. 57. data auditingCREATE FUNCTION audit.trail_companies ()RETURNS TRIGGERLANGUAGE plpgsql SECURITY DEFINER SET SEARCH_PATH = audit, mainas $func$BEGININSERT INTO audit.companiesSELECT *, now(), CURRENT_USER FROM companiesWHERE id = OLD.id;RETURN OLD;IF TG_OP = DELETE THEN RETURN OLD;ELSIF TG_OP = UPDATE THEN NEW.mod_date = now(); RETURN NEW;END;END; $func$;CREATE TRIGGER tg_companiesBEFORE UPDATE OR DELETE companiesFOR EACH ROW EXECUTE PROCEDURE audit.trail_companies();
  58. 58. xtreme security: multilevel
  59. 59. xtreme security: SE Postgres
  60. 60. data safe & happy?access restrictedauthenticatedprivilegedabstractedaudited... happy!
  61. 61. contactJosh Berkus josh@postgresql.org blogs.ittoolbox.com/database/soup www.powerpostgresql.comPostgreSQL www.postgresql.org SEPostgres: http://code.google.com/p/sepgsql Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples. Copyright 2008 Josh Berkus, distributable under the creative commons attribution license

×