8 Security bad practices
In this chapter
- Being careless with command-line password use
- Inadvertently exposing your database to outside actors
- Granting more access than necessary
- Writing and using functions insecurely
As a well-respected piece of software, PostgreSQL is renowned for taking security seriously and for its security-by-default posture. The project’s Security Team is composed of experienced contributors who assess and react to threats rapidly by issuing minor releases that contain the vulnerability fixes.
Unfortunately, the majority of IT security breaches are attributable not to obscure exploits and vulnerabilities but to more mundane causes, such as the system administrator not changing the default credentials on the production server. When security best practices are not adhered to, there can be severe consequences, like attacks using privilege escalation, data breaches, and worse. What we address in this chapter is operator error (i.e., how sloppiness can affect Postgres security) and what you can do to prevent it.
8.1 Specifying psql -W or --password
Most PostgreSQL command-line tools, like psql, accept the same options, such as -h or --host= for specifying the hostname of the database server to connect to or -U / --username= for the user to connect as. It’s very common for users to use the -W or --password switch when connecting to specify the password for the user.