PGConf.SPB 2023

Hardening is the process of strengthening the security of a system in order to reduce risks from possible threats. In my presentation, I will tell you how to protect service cluster communications using TLS connections, in order to avoid accidental or unauthorized access to Patroni's REST API and ETCD storage.

Fuzzing research is feeding random input data to a program (or a part of it) (in fact, randomness is very conditional) and seeing what we get out of it. And we repeat it many times on many processors.

Fuzzing a large monolithic program complex is never a simple task. It requires extraordinary solutions. In this talk, I will tell you what and how we searched with the help of fuzzing and what results it led to.

• Investigation of data type parsing functions (input-functions): for warming up;
• Investigation of functions implementing operations between types (op-functions): it is better to consider the structure here;
• Network subsystem fuzzing: let's pretend we are POSIX calls, it's cheaper that way;
• Recovering disk context: we need Groundhog Day.

A story about funny bugs and ridiculous hand gestures will be included.

During the years of its existence, Postgres Pro piled up a pool of problems when query execution was inappropriately slow or a query was too expensive to be executed, so it was never executed. Almost always in our practice, this was due to the choice of a non-optimal query plan. In our story, we will talk about a very unconventional attempt to solve this problem by re-planning queries. We will tell you what it is, how it works, who will find it helpful and the prospects for using this feature.

Traditionally, fault tolerance in Postgres is implemented using built-in replication mechanisms and external utilities that monitor the state of running Postgres instances and react accordingly when various failures occur. In this presentation, I will tell you what we like and what we don’t like about this approach, which alternative we see, what we have been able to achieve to date and what we want to get done by the time of release, which is planned for December.