I have an application where security and data theft are primary concerns. I am using Postgres 9.4 on RDS by AWS.
I have several users who need read permission on the db. I know that these users can essentially write a script to scrape all the data from the db but is there a way to deny them from using the pg_dump utility.
I am not sure what code examples I can provide for the same.
Is there any alternate strategy to use here? To share db data with developers without allowing them to take dumps of the same?
Related
I am creating accounting/invoicing software and my database is in postgreSQL. Should I create a separate database for each user since the data is sensitive financial data? Or is having a user foreign key secure enough? If I am hosting the database on aws I understand that I could have a few db servers across multiple availability zones and regions so that if one is compromised it wouldn't effect everyone even if many users have info stored in a single database. Is this safe enough? Thanks!
In general no. Encrypt the data so that if someone exfiltrates a dump they can't actually use it without the decryption key. If you're worried that someone with admin access can see the user's information then you might want to consider a user-level encryption for all fields related to personally identifiable information.
There are few ways you could go about it but I wouldn’t create a new DB for every customers. It will be too expensive and a pain to maintain and evolve.
To me, this sounds like you are creating a multi-tenant application.
I’d personally use the row-level security feature in Postgres (see this article) or create a separate Schema for each Customer.
You can add an extra layer of protection with encryption at rest. AWS support it (link)
This question already has an answer here:
Cloud SQL Postgres - Managing Database Users, Best Practices?
(1 answer)
Closed 1 year ago.
Is there any other way than using queries to give GCP users r/w access to GCP postgresql DBs? I read about the Cloud SQL IAM database authentication but that only gives the user the ability to connect the DB and nothing more. For r/w permissions, there's a need to use queries to GRANT access. We have a lot of people requesting access to the DBs ( well, and a lot of DBs)and connecting to the DB and using a grant query each time is really time consuming.
Ideally I had something like this feature in Azure in mind( you can create r/w security groups and map the r/w permissions to them, and add users to those groups). I would be really happy and thankful to know if there's any other way that I haven't figured out yet.
I guess the answer is no. I've found that my question has being asked before: Cloud SQL Postgres - Managing Database Users, Best Practices?
We are currently looking into using tableau for analysis of app user data.
Some concerns were raised in my company about connecting tableau to our production database.
Security: We are not happy to share sensitive user data with tableau.
Database load: tableau queries may have a negative effect on the performance of our production database.
The idea came up to create a intermediary database. A script would regularly pull data from our production database and insert it into the intermediary database.
This may also make it easier to access data from our redis, elasticseatch, ??? and our main database in postgres.
Does anyone have experience with such a intermediary database? Is this common practice?
Previously I was using databases from BaaS (Backend as a Service) - Parse, Backendless, Firebase - this services has everything I need to manage users of my webapps: tokens handling, owner policies etc.
How do I manage webapp users in own database? (PostgreSQL 9.4)
Is it suppose to be just a regular table, which will contain columns "login", "password" etc. or there are specific tools to implement that?
How should I handle tokens? Should I store it somehow in database, or tokens suppose to be stored in my server and are not bind to database at all?
How do I implement owner policies? Are there some specific tools in Postgres for this, or I should simply create the column "ownerId" in each table and use it as Foreign Key?
If you know good articles on this topic - please, post a links - it will be very helpful!
I would search for it in google, but I've found nothing but articles about database users handling. I assume, this is not what I'm looking for.
Regular table or postgrsql ROLE system
Usually tokens are on application side
Postgres 9.5 have row security policies but you can implement owner policy by yourself. Hard to say what database features you have to use without
assumptions of the project.
We are in the process of building a cluster for our hosted services at work, the final product will be used to host multiple separate services. We are in the middle of deciding on how we want to setup our databases. We are running a postgresql database server which all services in the cluster will use. The debate right now is whether to give each service its own schema in a single database or to give each service its own database.
We just aren't sure which is the better solution for us. None of our services have a common structure and data does not need to be shared. What we are more concerned about is ease of use.
Here's what we care most about, we are really hoping for an objective vs opinion based answer.
Backups
Disaster recovery - all services vs individual
Security between services
Performance
For some additional information, the cluster is hosted within AWS with our database being an RDS instance.
This is what PostgreSQL official docs says:
Databases are physically separated and access control is managed at the connection level. If one PostgreSQL server instance is to house projects or users that should be separate and for the most part unaware of each other, it is therefore recommendable to put them into separate databases. If the projects or users are interrelated and should be able to use each other's resources they should be put in the same database, but possibly into separate schemas. Schemas are a purely logical structure and who can access what is managed by the privilege system.
Source: http://www.postgresql.org/docs/8.0/static/managing-databases.html
Disaster recovery - all services vs individual
You can dump and restore one database at a time. You can dump and restore one schema at a time. You can also dump schemas that match a pattern.
Security between services
I presume you mean isolation between databases and isolation between schemas. The isolation between databases is stronger and more "natural" for developers concerned with "ease of use". For example, if you use one database per service, every developer can just use the public schema for all development. This might seem "easier" than adding schemas to the search path, or "easier" than using schema.object when programming.
It depends in part on how you manage privileges for the roles you use for development, and on how you manage privileges in each database or schema. You can change default privileges.
Performance
I don't see a measurable difference. YMMV.