Posts Tagged "security"

Application users vs. Row Level Security

A few days ago I blogged about the common issues with roles and privileges we discover during security reviews. Of course, PostgreSQL offers many advanced security-related features, one of them being Row Level Security (RLS), available since PostgreSQL 9.5. As 9.5 was released in January 2016 (so just a few months ago), RLS is fairly…

Auditing Users and Roles in PostgreSQL

One of the services we offer is security reviews (or audits, if you want), covering a range of areas related to security. It may be a bit surprising, but a topic that often yields the most serious issues is roles and privileges. Perhaps the reason why roles and privileges are a frequent source of issues…

Emulating row security in PostgreSQL 9.4

PostgreSQL 9.5 adds declarative row security. You can declare policies on tables and have them enforced automatically – for example, allowing user joe to only see rows with the owner column equal to joe. This is a great feature, and it’s been a long time coming. It didn’t make it into PostgreSQL 9.4, but automatically…

Ansible Loves PostgreSQL

Ansible is simply great and PostgreSQL is surely awesome, let’s see how they work amazingly together!

Row security in PostgreSQL – Overview

In the next week I will be writing a series of posts about the row-security work I’ve been doing for PostgreSQL 9.4 as part of the EU’s AXLE project. I will be outlining the history, approaches tried, current status, remaining issues, and future work required. To open the series, I’d like to talk about what…

How do PostgreSQL security_barrier views work?

You might have seen the support added for security_barrier views in PostgreSQL 9.2. I’ve been looking into that code with an eye to adding automatic update support for them as part of progressing row-level security work for the AXLE project, and I thought I’d take the chance to explain how they work. Robert already explained…