patternsqlModerate
Having a PostgreSQL database exposed to the internet
Viewed 0 times
postgresqltheexposedhavingdatabaseinternet
Problem
I've seen on DBA and other sites that exposing a database to the Internet is a particularly bad idea, but I noticed that PostgreSQL has SSL-certificate-only authentication. Does this make it any safer to expose a database to the internet (cert-only auth from non-localhost connections) or would it still be better to establish a VPN, or tunnel through SSH etc?
If the latter is safer, what exactly makes it safer? I feel like I am overlooking something glaringly obvious in this regard.
I've set up a handful of databases before but never actually needed to set one up that requires some sort of remote administration (“remote” in this case meaning over the Internet or WAN rather than a LAN).
If the latter is safer, what exactly makes it safer? I feel like I am overlooking something glaringly obvious in this regard.
I've set up a handful of databases before but never actually needed to set one up that requires some sort of remote administration (“remote” in this case meaning over the Internet or WAN rather than a LAN).
Solution
It's not really about it being a bad idea in general, more that there are very few instances where you really need to expose your database to a public interface.
Much of security is about reducing the number of attack surfaces you expose. If your application does not absolutely have to expose your database to the public then you can hide it away behind a firewall and have another level of protection from any potential exploit that might appear in the future.
I would not consider "remote administration" a good enough reason to expose postgres. As you say; you already need SSH access to your box so you could easily keep postgres behind a firewall and gain access via that without any problems.
RE: SSL connections. This would be a must unless you were happy with third-parties just reading your data while you send it over the wire. The considerations here are the same as any traffic over the public internet.
Much of security is about reducing the number of attack surfaces you expose. If your application does not absolutely have to expose your database to the public then you can hide it away behind a firewall and have another level of protection from any potential exploit that might appear in the future.
I would not consider "remote administration" a good enough reason to expose postgres. As you say; you already need SSH access to your box so you could easily keep postgres behind a firewall and gain access via that without any problems.
RE: SSL connections. This would be a must unless you were happy with third-parties just reading your data while you send it over the wire. The considerations here are the same as any traffic over the public internet.
Context
StackExchange Database Administrators Q#44136, answer score: 13
Revisions (0)
No revisions yet.