Presented by: Bruce Momjian Presented at the All Things Open 2021 Raleigh, NC, USA Raleigh Convention Center Abstract: This talk explores the ways attackers with no authorized database access can steal Postgres passwords, see database queries and results, and even intercept database sessions and return false data. Postgres supports features to eliminate all of these threats, but administrators must understand the attack vulnerabilities to protect against them. This talk covers all known Postgres external attack methods.