Client Authentication Control
Server Configuration
User and Role Management
Super User Management
(Data Encryption (on connection ssl
(Data Encryption at Rest (pg_crypto
Logging
Auditing
Patching
(Know Your Workload (pg_stats_statement
1. تأیید هویت مشتری در چک لیست امنیتی پایگاه داده
# TYPE DATABASE USER ADDRESS METHOD
1
|
|
|
# TYPE DATABASE USER ADDRESS METHOD
|
|
|
|
CREATE ROLE g_example_ro NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION';
|
|
|
REVOKE CONNECT ON my_database FROM PUBLIC;
GRANT CONNECT ON my_database TO r_example_ro;
/var/lib/pgsql/data/postgresql.conf
ssl = 'on'
ssl_ciphers = 'ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:!RC4:!MD5:!aNULL:!EDH:!EXP:!SSLV2:!eNULL'
ssl_ciphers = 'ECDHE-RSA-AES256-SHA384:AES256-SHA256:HIGH:RC4:!MD5:!aNULL:!EDH:!EXP:!SSLV2:!eNULL'
/var/lib/pgsql/data/server.key
/var/lib/pgsql/data/server.crt
|
|
همچنین می توانید از چک لیست های امنیتی دیگر وب ساید بازدید بفرمایید