This document presents a framework and a series of recommendations to secure and protect a Postgres database. We discuss a layered security model that addresses physical security, network security, host access control, database access management and data encryption. While all of these aspects are equally important, the document focuses on Postgres-specific aspects of securing the database and the data. For our discussion of the specific security aspects relating to the database and the data managed in the database, we use an AAA (Authentication, Authorization and Auditing) approach common to computer and network security.
Most of the recommendations in this document are applicable to PostgreSQL (the Community edition) and to EDB Postgres™ Advanced Server (EPAS), the enterprise-class, feature-rich commercial distribution of Postgres from EnterpriseDB® (EDB™). EPAS provides additional relevant security enhancements such as Transparent Data Encryption, password profiles, auditing, data redaction and server-based SQL injection protection that are not available in the same form in PostgreSQL.