How to make the PostgreSQL backup password protected - postgresql

I am backing up a PostgreSQL db using pgAdmin.
However, while the db has a password, the backup file has no protection. The backup file can be taken and restored to any blank database without any password!!
How do I make the backup secure / password protected? Thanks.

PostgreSQL and PgAdmin have no built-in facility for backup encryption and password protection.
There are numerous ways you can encrypt backups. You can use gnupg, but I suspect you will be happier using a zip utility that supports encryption. I recommend 7zip, which supports the zip64 format and zip file encryption.

You might want to use a tool which supports streaming encryption - and avoid writing your plain text backup to disk. Also don't use pgAdminIII, but use pg_dump instead, and pipe the backup output into your encryption program, and write the result to disk.
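The streaming approach described in this answer, as an added example that is not part of the original post: the dump command is piped straight into GnuPG symmetric encryption, and the output file only appears if both the dump and the encryption succeeded. It assumes GnuPG 2.1 or later; the function names, paths and database name are hypothetical.

```shell
# Added example: encrypt a dump in-stream so plaintext never reaches disk.
# Assumes GnuPG >= 2.1 (needed for --pinentry-mode loopback).
umask 077   # backup, passphrase and temp files readable by owner only

# encrypt_stream PASSFILE OUTFILE: read plaintext on stdin, write AES-256 output.
encrypt_stream() {
    gpg --batch --yes --quiet --pinentry-mode loopback \
        --passphrase-file "$1" --symmetric --cipher-algo AES256 \
        --output "$2"
}

# decrypt_stream PASSFILE INFILE: write the decrypted dump to stdout.
decrypt_stream() {
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$1" --decrypt "$2"
}

# encrypted_backup PASSFILE OUTFILE CMD [ARGS...]
# Runs CMD (normally pg_dump) and pipes its output into gpg. A plain pipeline
# reports only gpg's exit status, so the dump's status is captured separately;
# a failed dump must not leave a valid-looking but empty encrypted file behind.
encrypted_backup() {
    passfile=$1; outfile=$2; shift 2
    tmp="$outfile.partial"; status="$outfile.status"
    gpg_rc=0
    { "$@"; echo "$?" > "$status"; } | encrypt_stream "$passfile" "$tmp" || gpg_rc=$?
    dump_rc=$(cat "$status" 2>/dev/null || echo 1)
    rm -f "$status"
    if [ "$gpg_rc" -ne 0 ] || [ "$dump_rc" -ne 0 ]; then
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$outfile"
}

# Usage (hypothetical paths and database name):
#   encrypted_backup /etc/backup/pass.txt /backups/mydb.dump.gpg pg_dump -Fc mydb
#   decrypt_stream /etc/backup/pass.txt /backups/mydb.dump.gpg | pg_restore -d mydb_restored
```

Keep the passphrase file off the machine that stores the backups, and test the restore path, since an encrypted dump that cannot be decrypted is no backup.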

Related

upgrade from postgres 12 to 13 causes user authority problem

I have a windows install of postgres 12.6-1 installed at port 6432. I have installed a newer version at port 9432 to test the database against our application.
Firstly I tried to dump globals from the 12 to sql, and install the user list into the 13. This was a disaster as all the users including the superuser now were inaccessible.
So I read the release notes, and they say to use pg_upgrade. After a lot of pain, I got it to run, but it appears to have just run pg_dumpall like I did.
pg_upgrade failed at the point of generating databases as the local super user, because the user load has damaged the passwords and now the database cannot be accessed again.
I have checked the SQL output from the PG_DUMPALL command with and without --binary-upgrade, and it appears to be identical in its generation of MD5 hash data from the database.
Do I need another tool?
Am I doing something wrong?
The 13 database is empty, so any drastic action would be ok.
The ED 13 installation defaults the pg_hba.conf encryption to scram-sha-256. If you have loaded passwords with this encryption, keep it. If you (like me) unknowingly loaded md5 encrypted passwords, just change the encryption to md5 on the lines for pg_hba.conf and restart postgres.
If you wish to keep the scram-sha-256 encryption level, then I suspect there is no alternative but to edit the pg_dumpall output and change the syntax to plain text password entry, and reset the passwords on the new db. I know this works because I just tried loading a sample of the file with plain text password, and was able to log in as the new user.
Thanks to Adrian Klaver and jjanes.
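A check that fits the situation described above, as an added example that is not from the original post: it reads the role statements in a pg_dumpall globals file and reports which roles carry md5 hashes, which are the ones that cannot log in while pg_hba.conf demands scram-sha-256. The sample dump lines and function names are constructed, and the parser assumes the one-line `ALTER ROLE ... PASSWORD '...'` form that pg_dumpall writes.

```shell
# Added example: classify the password format of each role in a pg_dumpall
# globals dump without printing the hashes themselves.

# Constructed sample in the shape pg_dumpall emits (hash values are made up).
sample_globals() {
    cat <<'EOF'
CREATE ROLE postgres;
ALTER ROLE postgres WITH SUPERUSER INHERIT CREATEROLE CREATEDB LOGIN REPLICATION BYPASSRLS PASSWORD 'SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy';
CREATE ROLE app_user;
ALTER ROLE app_user WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md50123456789abcdef0123456789abcdef';
CREATE ROLE "Report Reader";
ALTER ROLE "Report Reader" WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB LOGIN NOREPLICATION NOBYPASSRLS PASSWORD 'md5fedcba9876543210fedcba9876543210';
CREATE ROLE batch_group;
ALTER ROLE batch_group WITH NOSUPERUSER INHERIT NOCREATEROLE NOCREATEDB NOLOGIN NOREPLICATION NOBYPASSRLS;
EOF
}

# role_password_formats FILE: print "role<TAB>format" for every role that has
# a password; format is scram-sha-256, md5, or plaintext.
role_password_formats() {
    awk -v q="'" '
    /^ALTER ROLE / {
        p = index($0, " PASSWORD " q)
        if (p == 0) next                       # role has no password set
        rest = substr($0, 12)                  # text after "ALTER ROLE "
        if (substr(rest, 1, 1) == "\"")        # quoted identifier
            role = substr(rest, 1, index(substr(rest, 2), "\"") + 1)
        else
            role = substr(rest, 1, index(rest, " ") - 1)
        secret = substr($0, p + 11)            # text after " PASSWORD \047"
        secret = substr(secret, 1, index(secret, q) - 1)
        if (secret ~ /^SCRAM-SHA-256\$/)                             fmt = "scram-sha-256"
        else if (length(secret) == 35 && secret ~ /^md5[0-9a-f]+$/)  fmt = "md5"
        else                                                         fmt = "plaintext"
        print role "\t" fmt
    }' "$1"
}

# md5_roles FILE: only the roles whose stored password is an md5 hash.
md5_roles() {
    role_password_formats "$1" | awk -F '\t' '$2 == "md5" { print $1 }'
}
```

Roles listed by `md5_roles` need either an md5 line in pg_hba.conf or a password reset on the new server with `password_encryption` set to scram-sha-256.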

how to decompress .sql extension file in windows server

I have taken a full backup of a PostgreSQL database which consists of 100 databases. The backup format is .sql (e.g. pg_dumpall.exe -U postgres > D:\Backup\fullbkp.sql). Now one of my databases has crashed and I want to extract this file to get only that database's backup for restoration.
I have searched a lot but couldn't find any way to decompress so that I can get that particular database from full backup file.
Please suggest !!!!
Regards
Sadam
Such a backup is not compressed. Also, it contains a backup of all databases in the cluster, and there is no easy way to extract a single database.
Create a new PostgreSQL cluster with initdb, restore the dump there using psql, then use pg_dump to extract the single database you need.

PostgreSQL security local (pg_hba.conf )

In PostgreSQL we can just change local md5 to trust in pg_hba.conf. Then we can access all data in the database using psql without needing a password. So anyone who can access the local machine can change this line.
So, is there a way to password protect our database even if someone changes pg_hba.conf to trust?
( I want to create offline app and need to protect client database,I need something like ms access, once we set the password it always ask for password )
As long as the client has root/administrator access on the computer you can't do much about pg_hba. You could make it read only, but root can override anything. You could mount the config file on a read-only file system, but this is too complicated.
The solution can only be at the database level (not OS or application): encrypted data and triggers where you implement supplementary security.
I don't think PostgreSQL is the answer for your requirement; maybe SQLite is the right one.

Backup taken from pgadmin is smaller than backup taken from pgdump

Hello experts, I am using Postgres 9.5. When I take a backup from pgAdmin it is 950 MB in size, but when I take the same db backup with the pgdump.exe command the backup size is 7.5 GB. I am confused about which backup file will be secure for me to use to restore. The restoring process is also slow in PostgreSQL. Please help me.
When you backup something in pgadmin it just calls pg_dump with appropriate options, so both your backups are made by the same pg_dump utility.
I guess you're comparing dumps in two different formats.
Default format for pg_dump is plain, which is basically an enormous uncompressed SQL file.
As for pgadmin, it uses custom format by default, which is a highly compressed binary file.
Also note that pgadmin always displays the actual pg_dump command used to create your dump in the log window, along with its full output.
You should be able to call this command in your command prompt to generate an identical backup file.
You can read more about different output formats and other pg_dump options in PostgreSQL docs.

Postgres Data Encryption at Rest Using LUKS with dm-crypt

We are trying to encrypt Postgres data at rest. Can't find any documentation to encrypt the Postgres data folder using LUKS with dm-crypt.
No special instructions are necessary – PostgreSQL will use the opened encrypted filesystem just like any other file system. Just point initdb to a directory in the opened file system, and it will create a PostgreSQL cluster there.
Automatic server restarts will fail, because you need to enter the passphrase.
Of all the ways to protect a database, encrypting the file system is the least useful:
Usually, attacks on a database happen via the client, normally with SQL injection. Encrypting the file system won't help.
The other common attack vector is backups. Backups done with pg_dump or pg_basebackup are not encrypted.
But I guess you know why you need it.