title

text

Ibrar Ahmed
Ibrar Ahmed Percona LLC
12:05 01 March
45 мин

All about PostgreSQL Security

PostgreSQL provides different levels of security. This talk will cover all the available security techniques used in PostgreSQL 13. We’ll look at client-side security (LibPq, JDBC) through to server-side security. It will cover all supported authentication methods and the pros and cons of all these methods. Some of the key features of the talk are:

  • Introduction to Cryptography
  • SSL, TLS, GSSAPI, and OpenSSL
  • Client-Side Encryption
  • Securing Authentication
  • Securing Data on the disk
  • Securing Backup & Basebackup
  • Securing Replication
  • Database Roles and Privileges

It’s important to be familiar with all the security levels such as (1)network-level security (2) on-disk security (3) row-level, (4), and column level security. The talk will cover all the aspects with some real-life use cases and examples.

Видео

Другие доклады

  • Julien Rouhaud
    Julien Rouhaud
    22 мин

    Don't fear your next glibc upgrade

    PostgreSQL relies on the system collation libraries, such glibc or ICU, for text ordering. One know caveat is that when the library change its sort order for a collation, any index created using the old order is likely to be corrupted when the new version of the library is installed.

    In this talk, we'll see the improvements done in PostgreSQL 14 to keep track of the collation versions, detect and fix possible index corruption due to library upgrades and the work currently being done to further improve this area.

  • Dmitry Ursegov
    Dmitry Ursegov Postgres Professional
    45 мин

    Shardman - the native approach to sharding in PostgreSQL

    The amount of data that is handled today by Enterprises and Web companies is constantly growing. At the same time, it becomes increasingly difficult to have and synchronize several copies of data in different systems. As a result there is a demand to work with large amounts of data directly in a transactional DBMS. This requirement is often imposed by the logic of applications that need real-time results. In this talk we will consider what a universal distributed transactional DBMS can be. We will analyze such aspects as the types of load and their prioritization, dynamic resource allocation and the level of consistency. What tools in PostgreSQL can be used to build such system, what we have already done and what is still missing.

  • Simon Riggs
    Simon Riggs Enterprise DB
    45 мин

    PostgreSQL and the SQL Standard

    PostgreSQL is one of the most standards-compliant databases available. Talk discusses the impact that PostgreSQL has made on the SQL Standard and the features PostgreSQL has implemented from the SQL Standard, as well as upcoming features in PG14 and beyond.

  • Arseniy Sher
    Arseniy Sher Postgres Professional
    45 мин

    Consensus, Postgres, Multimaster

    Postgres Pro Multimaster is Postgres extension (and a set of core patches) providing high availability (HA) with strong consistency and read scalability. It forms symmetric shared-nothing cluster synchronously replicating the data and automatically performing disaster recovery. During the last year we've put significant efforts ensuring and proving that consistency is preserved in all scenarios. The new version, which will be released as part of Postgres Pro Enterprise 13 uses Paxos algorithm for determining transaction outcome and custom protocol governing the recovery process; we used TLA+ model checker to verify its correctness. I'll tell how these things work and why in some cases multimaster may be an attractive alternative to the traditional streaming replication based HA deployments.

    multimaster is now open source, available at https://github.com/postgrespro/mmts

    To make the talk less narrow specialized and more appealing to the wide audience, in the first part I will shed some light on how generally modern DBMSs (mostly so-called NewSQL) handle fault tolerance. In particular,

    • what is a strongly consistent DBMS and the associated overhead;
    • what is distributed consensus, Paxos, Raft;
    • how they help here;

    I won't do an attempt to explain any algorithms line-by-line; it would be hardly useful given the time frames and there is a lot of literature available anyway. The goal is rather to waymark the field and get you a bit comfortable there.