This whitepaper presents a framework and a series of recommendations to secure and protect a Postgres database. We discuss a layered security model that addresses physical security, network security, host access control, database access management and data security. While all of these aspects are equally important, the paper focuses on the Postgres-specific aspects of securing the database and the data.
For our discussion of the specific security aspects relating to the database and the data managed in the database, we use a AAA (Authentication, Authorization and Accounting) approach common to computer and network security.
Most of the recommendations in this paper are applicable to PostgreSQL (the community edition) and to Postgres Plus Advanced Server (PPAS), EnterpriseDB's high-powered, feature-rich commercial distribution of PostgreSQL. PPAS, however, provides several relevant security enhancements, such as edb_audit, SQL/Protect and Virtual Private Database (VPD).