title

text

Bruce Momjian
Bruce Momjian EnterpriseDB
11:00 07 February
45 мин

Securing PostgreSQL From External Attack

This talk explores the ways attackers with no authorized database access can steal Postgres passwords, see database queries and results, and even intercept database sessions and return false data. Postgres supports features to eliminate all of these threats, but administrators must understand the attack vulnerabilities to protect against them. This talk covers all known Postgres external attack methods.

Материалы к докладу

Слайды

Видео

Другие доклады

  • Alexander Korotkov
    Alexander Korotkov Postgres Professional
    45 мин

    Pluggable storages

    Pluggable storages is hot subject in PostgreSQL development. The period of heated debates about whether we need them is over. Skepticism about pluggable storages, based on concern that they may be source of inconsistent behavior, was weakened after criticism of PostgreSQL MVCC implementation from Uber side. It became widely understandable that pluggable storages are needed at least for an alternative MVCC implementation. And that is one of way-points for pluggable storages interface design.

    At the moment, work on pluggable storages is in the practical stage. There is a thread is pgsql-hackers where few people are developing patchset and several people are doing review.

    This talk will cover following subjects:

    • overview of pluggable storages interface;
    • changes in PostgreSQL core required to implement this interface;
    • current and potential implementations of pluggable storages including heap with undo-log and in-memory OLTP engine;
    • current state of patchset and prospective of its commit
    • further development of interface allowing more possibilities in pluggable storages (columnar, index-organized, LSM and so on).

  • Egor Rogov
    Egor Rogov Postgres Professional
    90 мин

    Tutorial: More indexes, good and various

    "And telling GIN from SP-GIST was quite beyond his wit, we found", said the classic. Can you? This masterclass is about not-so-often used index types (compared to conventional B-tree) which however can do a great job for you. We will look into internal mechanics of these indexes and discuss cases where they can be successfully applied. Also we will talk about some peculiarities of PostgreSQL index access. To spend time efficiently, listeners are required to have basic knowledge of PostgreSQL and should be used to read plans of simple queries.

    Materials of the master class

    Backup copy of the database with demo data can be downloaded here:

  • Dmitry Belyavskiy
    Dmitry Belyavskiy ТЦИ
    22 мин

    Crypto-related parameters of PostgreSQL

    The presentation describes crypto-related parameters of PostgreSQL configuration (both authentication and TLS-protection of the connection to DB) and what do they mean

  • Максим Милютин
    Максим Милютин Wildberries
    Dmitry Ivanov
    Dmitry Ivanov Postgres Professional
    45 мин