Security in PostgreSQL
Presented by Mahsa Monem and Majid Mobini under supervision of Dr. Dorri
Database Security Course, Tarbiat Modares University, Fall 2018
https://www.aparat.com/v/BDVoz
Contents
• Introduction (PostgreSQL vs MySQL)
• Authentication 

• Roles

• Row Level Security
PostgreSQL vs MySQL
• MySQL is a relational database management system, whereas
PostgreSQL is an ORDBMS (object-relational database
management system):

✓ user-defined structured data (composite types)
✓ table inheritance
PostgreSQL vs MySQL
• GUI: phpMyAdmin vs pgAdmin
PostgreSQL vs MySQL
• PostgreSQL provides domains (CREATE DOMAIN): user-defined data types
built on a base type with optional CHECK constraints, so input validation
lives in the schema instead of in every application that writes to it.
PostgreSQL vs MySQL
• MySQL provides temporary tables but not materialized views; PostgreSQL
provides both.

✓ In MySQL, a temporary table is a special type of table that allows you
to store a temporary result set, which you can reuse several times in a
single session. A temporary table is very handy when it is impossible or
expensive to get the data with a single SELECT statement with JOIN clauses.

✓ A materialized view (MatView) sits between a view and a table: it is
built from a query over one or more tables, but the result rows are stored
physically, so it acts like a cache that must be refreshed to pick up
changes in the underlying tables.
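The three PostgreSQL features the introduction lists (domains, table inheritance, materialized views) in one small schema. This is an added example, not code from the slides; the table, column and domain names, the e-mail pattern and the sample rows are all invented for illustration.

```sql
-- Added example (not from the slides). Names and sample data are invented.

-- 1. A domain: a base type plus a constraint, reusable across tables.
--    Every INSERT/UPDATE into a column of this type is checked by the
--    server, so a bad value is rejected even if the application forgot to.
CREATE DOMAIN email_addr AS text
    CHECK (VALUE ~ '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$');

-- 2. Table inheritance: children inherit columns, NOT NULL and CHECK
--    constraints (primary keys are not inherited).
CREATE TABLE accounts (
    id      serial PRIMARY KEY,
    owner   text NOT NULL,
    email   email_addr NOT NULL,
    balance numeric(12,2) NOT NULL DEFAULT 0
);
CREATE TABLE savings_accounts (
    interest_rate numeric(5,4) NOT NULL
) INHERITS (accounts);

INSERT INTO accounts (owner, email, balance)
    VALUES ('alice', 'alice@example.org', 100);
INSERT INTO savings_accounts (owner, email, balance, interest_rate)
    VALUES ('bob', 'bob@example.org', 250, 0.0150);

-- The domain CHECK fires no matter which table in the hierarchy is written:
INSERT INTO savings_accounts (owner, email, balance, interest_rate)
    VALUES ('mallory', 'not-an-address', 0, 0);   -- rejected by email_addr

-- Querying the parent includes child rows; ONLY restricts to the parent.
SELECT owner, balance FROM accounts;          -- alice and bob
SELECT owner, balance FROM ONLY accounts;     -- alice only

-- 3. A materialized view: the query result is stored physically.
CREATE MATERIALIZED VIEW account_totals AS
    SELECT owner, sum(balance) AS total
    FROM accounts
    GROUP BY owner;

-- It is a snapshot, not a live view: new base-table rows are invisible
-- to readers of the view until it is refreshed.
INSERT INTO accounts (owner, email, balance)
    VALUES ('alice', 'alice2@example.org', 50);
SELECT total FROM account_totals WHERE owner = 'alice';   -- pre-insert total
REFRESH MATERIALIZED VIEW account_totals;
SELECT total FROM account_totals WHERE owner = 'alice';   -- includes the new row
```

Two points matter for access control later in the deck: a materialized view holds its own copy of the rows, so the GRANTs on the view are what protect that copy, independent of privileges on the base tables; and its query runs with the privileges of the role that performs the REFRESH, so whatever rows that role can see are stored and then visible to every reader of the view.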
Authentication
• Trust authentication: any client that can reach the server is accepted as
any database user without a password. Only defensible on a single-user
workstation for local connections, never on a network-facing line.

• Peer authentication: the client's operating-system user name is obtained
from the kernel (local Unix-socket connections only) and must match the
requested database user name
- Map: pg_ident.conf allows mapping between system and database user names

• Ident authentication: obtaining the client's operating-system user name from an
ident server on the client host (TCP/IP connections) and using it as the allowed
database user name; the ident server is simply trusted, so this is only as
strong as your control over the client machine and the network between them

• Password authentication (password, md5, scram-sha-256)
- password sends the password in clear text unless the connection is SSL;
md5 is a challenge-response over an MD5 hash of password and user name, and a
stolen stored hash is enough to authenticate; scram-sha-256 (PostgreSQL 10
and later) is the method to use

• LDAP authentication: the server verifies the password against an LDAP
directory; the password still travels from client to server, so use SSL
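How the methods above are combined in pg_hba.conf and pg_ident.conf. This is an added example, not a file from the slides: the database, role and map names, the OS user names and the 10.0.0.0/24 network are invented placeholders.

```conf
# pg_hba.conf (added example; names and addresses are invented)
# Rules are matched top to bottom and the FIRST line whose TYPE, DATABASE,
# USER and ADDRESS match decides the method, so ordering is the security.
#
# TYPE  DATABASE    USER            ADDRESS        METHOD

# Weak: anyone who can open a TCP connection is accepted as any user with
# no password. Shown only to contrast with the lines below.
# host  all         all             0.0.0.0/0      trust

# Local Unix socket: OS user "postgres" may connect as database user
# "postgres"; other OS users are translated through the map below.
local   all         postgres                       peer
local   all         all                            peer map=app_users

# Application network: password required, SCRAM only, and only over SSL
# (hostssl never matches a plain-text connection).
hostssl appdb       app_rw,app_ro   10.0.0.0/24    scram-sha-256

# Explicit catch-all reject for every other network client, so a
# permissive line added later by mistake below this point can never match.
host    all         all             0.0.0.0/0      reject
host    all         all             ::/0           reject

# pg_ident.conf: the map referenced by "peer map=app_users" above.
# MAPNAME     SYSTEM-USERNAME   PG-USERNAME
app_users     www-data          app_ro
app_users     deploy            app_rw
```

The commented-out trust line is the configuration to look for during a review: a `host ... trust` rule above the SCRAM rule, with a wider address range, silently wins for every client it matches.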
Authentication (pg_hba.conf)
• Each line is a rule: connection type, database, user, client address,
method and method options. Rules are tried in order and the first match
is used, so a permissive line near the top overrides stricter lines below it.

Apply changes by:

- Reloading the configuration; a restart is not required for pg_hba.conf:
SELECT pg_reload_conf();  (or pg_ctl reload, or the service manager's reload)

- Verifying what the server actually loaded (PostgreSQL 10 and later):
SELECT * FROM pg_hba_file_rules;  (a non-null error column marks a line
that failed to parse and is therefore not in force)
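The server-side half of the procedure above: switching password storage to SCRAM, creating the login roles the pg_hba rules refer to, reloading, and checking what was actually loaded. This is an added example, not from the slides; the role names, the placeholder passwords and the role `legacy_user` are invented.

```sql
-- Added example (not from the slides). Role names and passwords are
-- invented placeholders; run as a superuser.

-- The stored verifier format is decided by password_encryption at the
-- moment a password is SET, not by the pg_hba method. Switch it first:
-- a scram-sha-256 hba line cannot authenticate an md5-stored verifier
-- (the reverse works: an md5 hba line accepts a SCRAM-stored one).
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();      -- re-reads postgresql.auto.conf AND pg_hba.conf
SHOW password_encryption;     -- should now report scram-sha-256

CREATE ROLE app_ro LOGIN PASSWORD 'replace-me-ro';
CREATE ROLE app_rw LOGIN PASSWORD 'replace-me-rw';

-- Check the stored verifier really is SCRAM (pg_authid is superuser-only).
-- 'SCRAM-SHA-256' is 13 characters; an md5 verifier starts with 'md5'.
SELECT rolname, left(rolpassword, 13) AS verifier_prefix
FROM pg_authid
WHERE rolname IN ('app_ro', 'app_rw');

-- Check which pg_hba.conf rules the server parsed. Any row with a
-- non-null error was skipped, so the rule you wrote is not protecting
-- anything, and the next matching line decides instead.
SELECT line_number, type, database, user_name, address, auth_method, error
FROM pg_hba_file_rules
ORDER BY line_number;

-- Existing md5 verifiers are not converted by the setting change: every
-- pre-existing role must have its password set again to regenerate it.
ALTER ROLE legacy_user PASSWORD 'new-password';
```

Run the `pg_authid` query after the migration for all roles with `rolcanlogin`; any verifier still prefixed `md5` belongs to a role that will be locked out once the hba line for it says `scram-sha-256`.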

ROLES
• Role concept
- a role can be considered a "user", a "group", or both depending on
how it is used; PostgreSQL has no separate user or group objects
(CREATE USER is CREATE ROLE with LOGIN)

✓ SUPERUSER vs NOSUPERUSER: a superuser bypasses every permission check,
including row level security; reserve it for administration
✓ CREATEDB vs NOCREATEDB
✓ CREATEROLE vs NOCREATEROLE: may create, alter and drop other roles and
grant membership in them; before PostgreSQL 16 this applied to every
non-superuser role, so treat it as an administrative privilege
ROLES
✓ LOGIN vs NOLOGIN
These clauses determine whether a role is allowed to
log in; that is, whether the role can be given as the initial
session authorization name during client connection.
A role having the LOGIN attribute can be thought of as
a user. Roles without this attribute are useful for managing
database privileges, but are not users in the usual sense of
the word.
ROLES
✓ INHERIT vs NOINHERIT
These clauses determine whether a role “inherits” the
privileges of roles it is a member of. A role with the INHERIT
attribute can automatically use whatever database
privileges have been granted to all roles it is directly or
indirectly a member of. Without INHERIT, membership in
another role only grants the ability to SET ROLE to that other
role; the privileges of the other role are only available after
having done so.
✓ BYPASSRLS vs NOBYPASSRLS
These clauses determine whether the role skips every row level
security policy (superusers always do). Give it only to roles that must
see whole tables, such as backup or audit roles, never to the role an
application connects with.
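A least-privilege role layout that uses the attributes above: NOLOGIN group roles that hold the privileges, an INHERIT service account, and a NOINHERIT operator who only gains write access after SET ROLE. This is an added example, not from the slides; the database, schema, role and password values are invented.

```sql
-- Added example (not from the slides). Names and passwords are invented.

-- Group roles: NOLOGIN, so they can never be a session's initial user.
CREATE ROLE app_readers NOLOGIN;
CREATE ROLE app_writers NOLOGIN;

-- Privileges go to the groups, never to individual login roles.
GRANT CONNECT ON DATABASE appdb TO app_readers, app_writers;
GRANT USAGE ON SCHEMA public TO app_readers, app_writers;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO app_readers;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public
    TO app_writers;
-- Tables created later by the role running this statement are covered too:
ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO app_readers;

-- Service account with every attribute spelled out. INHERIT means it
-- holds app_readers' privileges automatically in every session.
CREATE ROLE report_svc LOGIN INHERIT NOSUPERUSER NOCREATEDB NOCREATEROLE
    NOBYPASSRLS PASSWORD 'replace-me';
GRANT app_readers TO report_svc;

-- Human operator: NOINHERIT. Membership only grants the right to SET ROLE,
-- so a freshly opened (or stolen) session has no table privileges at all
-- until the operator deliberately steps into a group.
CREATE ROLE alice LOGIN NOINHERIT PASSWORD 'replace-me';
GRANT app_readers, app_writers TO alice;

-- As alice:
--   SELECT ... FROM public.some_table;   fails: no privileges of her own
--   SET ROLE app_writers;                now acting with the group's rights
--   RESET ROLE;                          back to her own empty privilege set

-- Membership vs usable privilege, checked without logging in as alice:
-- MEMBER is true (she can SET ROLE), USAGE is false (NOINHERIT).
SELECT pg_has_role('alice', 'app_writers', 'MEMBER') AS is_member,
       pg_has_role('alice', 'app_writers', 'USAGE')  AS inherits_privs;

-- Audit: which login roles carry administrative attributes?
SELECT rolname, rolsuper, rolcreaterole, rolcreatedb, rolbypassrls, rolinherit
FROM pg_roles
WHERE rolcanlogin
  AND (rolsuper OR rolcreaterole OR rolcreatedb OR rolbypassrls);
```

The audit query at the end is the check to run periodically: any application login role appearing in its output holds more than it needs.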
ROW LEVEL SECURITY
• Enabled per table: ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;
Policies (CREATE POLICY) then decide which rows a role may read or write;
the policy predicate is evaluated on every query, in addition to the
normal table-level GRANTs.

• BYPASSRLS
- superusers and roles with the BYPASSRLS attribute skip all policies

• Table Owner
- the owner of a table bypasses its policies by default, so an application
that connects as the owning role is not restricted at all; to apply the
policies to the owner too:
- ALTER TABLE accounts FORCE ROW LEVEL SECURITY;

• Default Policy
- once RLS is enabled, a table with no applicable policy is default-deny:
no rows are visible and no rows can be modified (an empty policy set fails
closed, not open)
ROW LEVEL SECURITY - EXAMPLE
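A complete row level security walk-through covering the three points on the previous slide: default-deny after enabling, owner bypass and FORCE, and a BYPASSRLS role. This is an added example (the deck's own example slides were images and did not survive extraction); the `accounts` table layout, the roles `alice`, `bob` and `auditor` and the sample rows are invented.

```sql
-- Added example (not from the slides). Table layout, roles and rows are
-- invented. Run as a superuser; SET ROLE is used instead of reconnecting.

CREATE TABLE accounts (
    id      serial PRIMARY KEY,
    owner   text    NOT NULL,      -- database role name that owns the row
    balance numeric NOT NULL DEFAULT 0
);
INSERT INTO accounts (owner, balance) VALUES ('alice', 100), ('bob', 250);

CREATE ROLE alice   LOGIN;
CREATE ROLE bob     LOGIN;
CREATE ROLE auditor LOGIN BYPASSRLS;      -- sees whole tables, on purpose
GRANT SELECT, INSERT, UPDATE ON accounts TO alice, bob, auditor;

-- Step 1: enable RLS. No policy exists yet, so alice and bob now see NO
-- rows and cannot write (default-deny). The owner, superusers and auditor
-- are unaffected.
ALTER TABLE accounts ENABLE ROW LEVEL SECURITY;

-- Step 2: one policy tying rows to the connecting role.
--   USING      filters which existing rows are visible (SELECT, and the
--              targets of UPDATE/DELETE)
--   WITH CHECK validates new row versions, so bob can neither insert a row
--              owned by alice nor hand his own row to her
CREATE POLICY account_owner ON accounts
    FOR ALL
    TO PUBLIC
    USING (owner = current_user)
    WITH CHECK (owner = current_user);

-- Step 3: the owner of the table bypasses the policy unless forced. If the
-- application connects as the owning role, nothing above applies to it.
ALTER TABLE accounts FORCE ROW LEVEL SECURITY;

-- Step 4: exercise it from each role.
SET ROLE alice;
SELECT owner, balance FROM accounts;                       -- alice's row only
UPDATE accounts SET owner = 'bob' WHERE owner = 'alice';   -- blocked by WITH CHECK
INSERT INTO accounts (owner, balance) VALUES ('bob', 1);   -- blocked by WITH CHECK
UPDATE accounts SET balance = balance + 10
    WHERE owner = 'alice';                                 -- allowed
RESET ROLE;

SET ROLE auditor;
SELECT owner, balance FROM accounts;                       -- every row: BYPASSRLS
RESET ROLE;

-- Review: is RLS enabled and forced, and which policies are in place?
SELECT relname, relrowsecurity, relforcerowsecurity
FROM pg_class
WHERE relname = 'accounts';

SELECT policyname, permissive, roles, cmd, qual, with_check
FROM pg_policies
WHERE tablename = 'accounts';
```

The two catalog queries at the end are the verification step: `relrowsecurity` true with `relforcerowsecurity` false is the configuration in which the table owner is still unrestricted, and a table with `relrowsecurity` true and no rows in `pg_policies` is one where every non-bypassing role is locked out.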
References
• https://www.postgresql.org/docs/10/auth-methods.html

• https://www.postgresql.org/docs/10/sql-createrole.html

• https://www.postgresql.org/docs/10/user-manag.html

• https://www.postgresql.org/docs/10/role-membership.html

• https://www.postgresql.org/docs/9.5/ddl-rowsecurity.html

• https://www.percona.com/live/18/sessions/securing-your-data-on-postgresql

• https://medium.com/jobteaser-dev-team/materialized-views-with-postgresql-for-beginners-9809483db35f

• https://stackoverflow.com/questions/45865961/what-does-postgresql-to-be-ordbms-mean
