Security Expert Recommendations

Rule: Check SSL for improved performance
Recommendation: Consider disabling SSL for improved performance.
Trigger: ssl = on and listen_addresses in ('localhost', '127.0.0.1', '::1')
Severity: Low

Description: SSL authentication is invaluable for protecting against connection-spoofing and eavesdropping attacks, but it is not always necessary for adequate security. When PostgreSQL accepts only local connections, or when it accepts only connections from a trusted network where malicious network traffic is not a concern, SSL encryption may not be necessary. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

Rule: Check SSL for improved connection security
Recommendation: Consider using SSL for improved connection security.
Trigger: ssl = off and listen_addresses not in ('localhost', '127.0.0.1', '::1')
Severity: Medium

Description: The configuration variable listen_addresses indicates that your system may accept non-local connection requests, but SSL is not enabled. If PostgreSQL is exposed only to a secure, trusted internal network, this configuration is appropriate for maximum performance. Otherwise, you should consider enabling SSL. SSL offers two main advantages. First, it provides a more secure mechanism for authorizing connections to the database, helping to prevent unauthorized access. Second, SSL prevents eavesdropping attacks, where data sent from the database to clients, or from clients to the database, is viewed by an attacker while in transit. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

Rule: Check TRUST authentication is disabled
Recommendation: Avoid trust and ident authentication on unsecured networks.
Trigger: trust or ident authentication allowed to any host other than 127.0.0.1 or ::1
Severity: High

Description: An attacker with access to your network can easily use the trust and ident authentication methods to subvert your network. If PostgreSQL is not running on a secure network, with firewalls in place to prevent malicious traffic, the use of these authentication methods should be avoided.

Rule: Check Password authentication on unsecured networks
Recommendation: Avoid password authentication on unsecured networks.
Trigger: (connection_type = 'host' or connection_type = 'hostnossl') and method = 'password'
Severity: High

Description: Passwords should not be transmitted in plaintext over unsecured networks. The use of md5 authentication provides slightly better security, but can still allow accounts to be compromised by a determined attacker. SSL encryption is a superior alternative. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.

Rule: Check SSL for increased security
Recommendation: Consider requiring SSL.
Trigger: ssl = on in postgresql.conf, but no hostssl lines in pg_hba.conf
Severity: Medium

Description: SSL encrypts passwords and all data transmitted over the connection, providing increased security. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.
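The five triggers above can be evaluated offline against a copy of postgresql.conf and pg_hba.conf. The checker below is an added example, not code from the product described on this page: it parses both files with a small hand-written parser (the `name = value` form of postgresql.conf and the `local` / `host` / `hostssl` / `hostnossl` line formats of pg_hba.conf, including the separate-netmask spelling), applies each rule exactly as the triggers state it, and reports findings with the severity given above. The two configuration pairs embedded in it are constructed samples: the first one trips the "SSL off on non-local listen_addresses", "trust to non-loopback host" and "plaintext password" rules, the second one (ssl = on, hostssl lines, scram-sha-256) trips none of them. The rule names, `check()` and the helper functions are this example's own names, not identifiers from the page.

```python
import re

# Constructed sample configuration (not taken from any real deployment).
WEAK_POSTGRESQL_CONF = """\
listen_addresses = '*'
ssl = off
"""
WEAK_PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   127.0.0.1/32  md5
host    all       all   10.0.0.0/8    trust
host    all       all   0.0.0.0/0     password
"""
HARDENED_POSTGRESQL_CONF = """\
listen_addresses = '*'
ssl = on
"""
HARDENED_PG_HBA = """\
# TYPE   DATABASE  USER  ADDRESS       METHOD
local    all       all                 peer
host     all       all   127.0.0.1/32  scram-sha-256
hostssl  all       all   10.0.0.0/8    scram-sha-256
"""

LOCAL_LISTEN = {"localhost", "127.0.0.1", "::1"}   # listen_addresses values the first two rules treat as local
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}              # hosts exempt from the trust/ident rule
NETMASK = re.compile(r"^\d+\.\d+\.\d+\.\d+$")


def parse_postgresql_conf(text):
    """Map setting name -> value for simple `name = value` lines (comments stripped,
    surrounding quotes removed). A '#' inside a quoted value is not handled."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^(\w+)\s*=?\s*(.+)$", line)
        if m:
            settings[m.group(1)] = m.group(2).strip().strip("'\"")
    return settings


def parse_pg_hba(text):
    """Return one dict per pg_hba.conf rule: type, address (None for 'local'), method."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":                  # local  DATABASE USER METHOD
            rules.append({"type": "local", "address": None, "method": fields[3]})
            continue
        # host|hostssl|hostnossl  DATABASE USER ADDRESS [NETMASK] METHOD
        address, rest = fields[3], fields[4:]
        if rest and NETMASK.match(rest[0]):      # "10.0.0.0 255.0.0.0" spelling
            address, rest = address + " " + rest[0], rest[1:]
        rules.append({"type": fields[0], "address": address, "method": rest[0]})
    return rules


def is_loopback(address):
    """True for 127.0.0.1 or ::1 in either CIDR or separate-netmask form."""
    return address.split("/")[0].split()[0] in LOOPBACK_HOSTS


def check(postgresql_conf_text, pg_hba_text):
    """Evaluate the five rules; return a list of {rule, severity, detail} findings."""
    settings = parse_postgresql_conf(postgresql_conf_text)
    hba = parse_pg_hba(pg_hba_text)
    ssl_on = settings.get("ssl", "off").lower() == "on"          # PostgreSQL default: off
    listen = [a.strip() for a in settings.get("listen_addresses", "localhost").split(",")]
    listen = [a for a in listen if a]
    local_only = all(a in LOCAL_LISTEN for a in listen)          # '' (no TCP sockets) counts as local
    findings = []

    if ssl_on and local_only:
        findings.append({"rule": "ssl-unnecessary-local-only", "severity": "Low",
                         "detail": "ssl = on but listen_addresses is local only"})
    if not ssl_on and not local_only:
        findings.append({"rule": "ssl-off-nonlocal", "severity": "Medium",
                         "detail": "listen_addresses=%s with ssl = off" % ",".join(listen)})
    for r in hba:
        if r["address"] is None:                                  # 'local' lines have no host
            continue
        if r["method"] in ("trust", "ident") and not is_loopback(r["address"]):
            findings.append({"rule": "trust-ident-nonlocal", "severity": "High",
                             "detail": "%s %s allowed from %s" % (r["type"], r["method"], r["address"])})
        if r["type"] in ("host", "hostnossl") and r["method"] == "password":
            findings.append({"rule": "password-cleartext", "severity": "High",
                             "detail": "plaintext password auth from %s" % r["address"]})
    if ssl_on and not any(r["type"] == "hostssl" for r in hba):
        findings.append({"rule": "ssl-not-required", "severity": "Medium",
                         "detail": "ssl = on but pg_hba.conf has no hostssl lines"})
    return findings


if __name__ == "__main__":
    for label, conf, hba in (("weak", WEAK_POSTGRESQL_CONF, WEAK_PG_HBA),
                             ("hardened", HARDENED_POSTGRESQL_CONF, HARDENED_PG_HBA)):
        print(label)
        for f in check(conf, hba):
            print("  [%s] %s: %s" % (f["severity"], f["rule"], f["detail"]))
```

Running the script prints three findings for the weak pair and none for the hardened pair. Note that the checker mirrors the page's triggers literally: a `hostssl` line with `password` is not flagged, because SSL already encrypts the password on the wire, and the first rule only looks at `listen_addresses`, so a server reachable through a firewall or proxy still needs the review the notes above ask for.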