Sicherheit auf Zeilenebene

We can think of security in layers, and advise a strategy of granting the least access necessary for any job or role, blocking unnecessary access at the earliest opportunity.

  • First, and perhaps most important, is to secure physical access to the host.
  • Next is to limit access to your corporate network in general.
  • Next is to limit access to the database host.
  • Next is to limit access to the database application.
  • Next is to limit access to the data contained within.

EDB’s support subscriptions provide timely notifications of security updates and appropriate patches for Postgres.


EDB Postgres Advanced Server provides DBAs with powerful controls to implement security policies down to the row level. With Row Level Security, DBAs can limit what information can be seen or updated depending on any number of properties such as user name, clearance level, or organizational membership. DBAs have the ability to track user activity to the same degree of granularity as well. This feature is syntactically compatible with Oracle’s implementation, and includes enforcement of column-level policies (limiting visibility on sensitive values or columns) and affords a more restrictive policy application (using AND rather than OR to apply multiple policies).


LDAP, Active Directory, & Kerberos Integration

The LDAP method of authentication is useful in situations when there are large numbers of users and passwords must be managed from a central location. In this scenario, the security configuration file pg_hba.conf (postgres host-based access) restricts access based on user name, database, and source IP (if the user is connecting via TCP/IP.) This has the advantage of keeping the pg_hba.conf file small(er) and more manageable and gives users a "unified password experience" across the infrastructure. RADIUS is another option supprted by EDB Postgres Advanced Server for larger numbers of users.

The GSSAPI (Generic Security Services API) is an industry-standard protocol for secure enterprise-level authentication and authorization models, such as Kerberos (and LDAP). EDB Postgres Advanced Server supports Kerberos, a secure authentication system suitable for distributed computing over a public network. Kerberos provides secure authentication with secret-key cryptography.