safe data is happy data

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

Safe Datais

Happy DataJosh BerkusPostgreSQL Core TeamOSCON 2008

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

Why shouldapplication developers

careabout database

security?

“I don't need to know”

“Our network security will take care of it.”

“I applied all the web server and PHP patches.”

“Security belongs in the application layer.”

“Database security slows development.”

“Nobody will hack my website. We run Linux.”

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

microsoft

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

government agencies

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

the U.N.

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

political parties

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

The cost of unsafe data

Contacting 19 000 customers: $380 000

Paying for credit reports for 19 000 customers: $931 000

Shipping stolen merchandise:$4 600 000

Lost customer goodwill and reputation as an insecure & careless company:Priceless!

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

How do you make your data safe?

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

security != control

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

How do you make your data safe?

perimeter-only security

webserver routerdatabaseserver

firewall

anti-DOS

openopen

secure

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

perimeter-only security


firewall

anti-DOS

openopen

secureinsecure

10111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110001010101010111001101010101010100001101001001001001000011100010101010101110011010101010101000011010010010010010000111000101010101011100110101010101010000110100100100100100001110

You need multilayer security!


firewall

anti-DOS

restricted

secure

updates

tripwireabstraction

permissions

restrictedaudit

Your database engine can help.


firewall

anti-DOS

restricted

secure

updates

tripwireabstraction

permissions

restrictedaudit

threat model Four primary threat vectors to your data:

1.SQL injection2.direct connection3.webserver compromise4.staff access

database tools1.access control2.authentication3.ROLEs & permissions4.data abstraction

VIEWs stored procedures

5.data auditing logs table auditing

6.advanced security frameworks

access control Goal: Use database access control lists to prevent connections from anywhere but specified networks.

webserverdatabaseserver

pg_hba.confTYPE DATABASE USER CIDR-ADDRESS METHOD

local all postgres identhost all postgres 127.0.0.1/32 identlocal all all md5host all all 127.0.0.1/32 md5

hostssl webapp +webusers 192.168.2.0/24 md5

host all +admins 10.2.0.0/16 krb5

host all all 0.0.0.0/0 reject

mysql users tableUser host ssl_type-- superuserroot 127.0.0.1

-- anonymous user, matches everyonelocalhost127.0.0.1

-- SSL webappwebapp 129.168.2.* ANY

-- mysql doesn't support kerberosadmins 10.2.*

authentication Goal: prevent privilege escalation on connections to the database.

psql -U postgres -h masterserver -c 'update users set password = \'haxx0r\'where login = \'administrator\'

authentication methods

ident: host OS responsible for security good for: administrative tasks bad for: external users

md5: hashed passwords good for: most things bad for: embed password in the app.

krb5 / gss / ldap: identity checked against authentication servers good for: everything bad for: lots of troubleshooting

pg_hba.confTYPE DATABASE USER CIDR-ADDRESS METHOD

local all postgres identhost all postgres 127.0.0.1/32 identlocal all all md5host all all 127.0.0.1/32 md5

hostssl webapp +webusers 192.168.2.0/24 md5

host all +admins 10.2.0.0/16 krb5

host all all 0.0.0.0/0 reject

ROLEs & privileges Goal: prevent authenticated low-level users from modifying or accessing restricted data.

SELECT FROM users;

UPDATE users;

ROLEs ROLEs ~~ users and groups.

some roles can log in (“users”) roles can be members of multiple other roles

use SET ROLE to change ROLE context

admins

claudio felipe

users

dataentry readonly

guestwei-chenleo

privileges All database objects have privileges, specific to their type: tables: SELECT, INSERT, UPDATE, DELETE schema: USAGE, CREATE function: EXECUTE database: CONNECT, TEMP, CREATE

Privileges can be used to “lock down” data for low-level users.

using ROLEs & privileges example

basic web application admins

claudio felipe

webusers

member guest

schema admin

usersrightssettings

schema members

profilesmessages

schema cms

pagestemplates


admin: modify anything admins

claudio felipe

webusers

member guest

schema admin

usersrightssettings

schema members

profilesmessages

schema cms

pagestemplatescomments


webusers: connect, read cms admins

claudio felipe

webusers

member guest

schema admin

usersrightssettings

schema members

profilesmessages

schema cms



members: read admin, write members admins

claudio felipe

webusers

member guest

schema admin

usersrightssettings

schema members

profilesmessages

schema cms


use ROLE& perm-issionmanage-

menttools

database abstraction

views a VIEW is a “stored query” with its own permissions

limit access to specific rows or columns

stored procedures SECURITY DEFINER procedures allow controlled privilege escalation

make sure to lock them down, though!

don't allow access to base tables

memberschema admin

rightssettings

schema members

profilesmessages

viewuser_names

functionslogin()change_pw()

users

using abstraction: password checking

CREATE FUNCTION login (mailaddr TEXT, pwd TEXT, vip INET

) RETURNS login_type LANGUAGE plpgsql VOLATILE STRICT SECURITY DEFINERSET SEARCH_PATH = admin, members;as $func$declare rtype login_type;

vuser INT;vmail TEXT;vkey INT;vadmin BOOLEAN;

begin--this is the login procedure which is the only way to authenticate a new user.--it checks the users password, generates a passkey, deletes any old sessions--and creates the new session

select id, (admin_info.user > 0) into vuser, vadminfrom users JOIN user_passwords ON users.id = user_passwords.user

LEFT OUTER JOIN admin_info ON users.id = admin_info.userwhere lower(email) = lower(vmail)

and permissions is not nulland syshash_compare(pwd, "password");

IF vuser > 0 THEN ...

What do you do if they get in anyway?

sometimes your other measures fail exploits loopholes misconfiguration

sometimes the bad guys have legitimate access users staff sysadmins

database auditing Goal: know what happened after it happened, and be able to restore your data without searching backup tapes.

auditing: logs dozens of log options

users connections queries run errors

the log can help you analyze a break-in maybe even tell you what was stolen

secure your logs best way to find “DBA corruption”

make sure that not even the admins can erase/alter all copies

make sure few people can change postgresql.conf

use a secured log server “syslog” is good for this

make a plan for secure log archiving

postgresql.conflog_destination = 'syslog'

syslog_facility = 'LOGSERVER' syslog_ident = 'postgres_1'

log_connections = onlog_disconnections = on

log_statement = 'all'log_statement = 'mod'log_statement = 'ddl'

mysql#start mysql with the query log

mysqladmin --log start

#how to write the logs to another server#is up to you

#maybe hack mysql_log_rotate?

data auditingmember

schema members

profiles

schema audit_members

profiles

data auditingmember

schema members

profiles


profilesUPDATEorDELETE

data auditingmember

schema members

profiles


profilesUPDATEorDELETE

INSERTold data

data auditingCREATE FUNCTION audit.trail_companies ()RETURNS TRIGGERLANGUAGE plpgsql SECURITY DEFINER SET SEARCH_PATH = audit, mainas $func$BEGIN

INSERT INTO audit.companiesSELECT *, now(), CURRENT_USER FROM companies WHERE id = OLD.id;RETURN OLD;

IF TG_OP = 'DELETE' THENRETURN OLD;

ELSIF TG_OP = 'UPDATE' THENNEW.mod_date = now();RETURN NEW;

END;

END; $func$;

CREATE TRIGGER tg_companiesBEFORE UPDATE OR DELETE companiesFOR EACH ROW EXECUTE PROCEDURE audit.trail_companies();

xtreme security:multilevel

xtreme security:SE Postgres

data safe & happy? access restricted authenticated privileged abstracted audited ... happy!

contact Josh Berkus

[email protected] blogs.ittoolbox.com/database/soup www.powerpostgresql.com

PostgreSQL www.postgresql.org SEPostgres: http://code.google.com/p/sepgsql

Copyright 2008 Josh Berkus, distributable under the creative commons attribution license

Thanks to KaiGai Kohei for SEPostgres diagrams, and to Harrison Fisk for MySQL examples.

safe data is happy data

Technology