Security Expert Recommendations v8

Rule: Check SSL for improved performance
Recommendation: Consider disabling SSL for improved performance.
Trigger: ssl = on and listen_addresses in ('localhost', '127.0.0.1', '::1')
Severity: Low

Description: SSL authentication is invaluable for protecting against connection-spoofing and eavesdropping attacks, but it is not always necessary for adequate security. When PostgreSQL accepts only local connections, or when it accepts only connections from a trusted network where malicious network traffic is not a concern, SSL encryption may not be necessary. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

Rule: Check SSL for improved connection security
Recommendation: Consider using SSL for improved connection security.
Trigger: ssl = off and listen_addresses not in ('localhost', '127.0.0.1', '::1')
Severity: Medium

Description: The configuration variable listen_addresses indicates that your system may accept non-local connection requests, but SSL is not enabled. If PostgreSQL is exposed only to a secure, trusted internal network, this configuration is appropriate for maximum performance. Otherwise, you should consider enabling SSL. SSL offers two main advantages. First, it provides a more secure mechanism for authorizing connections to the database, helping to prevent unauthorized access. Second, SSL prevents eavesdropping attacks, where data sent from the database to clients, or from clients to the database, is viewed by an attacker while in transit. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

Rule: Check TRUST authentication is disabled
Recommendation: Avoid trust and ident authentication on unsecured networks.
Trigger: trust or ident authentication allowed to any host other than 127.0.0.1 or ::1
Severity: High

Description: An attacker with access to your network can easily use the trust and ident authentication methods to subvert your network. If PostgreSQL is not running on a secure network, with firewalls in place to prevent malicious traffic, the use of these authentication methods should be avoided.

Rule: Check Password authentication on unsecured networks
Recommendation: Avoid password authentication on unsecured networks.
Trigger: (connection_type = 'host' or connection_type = 'hostnossl') and method = 'password'
Severity: High

Description: Passwords should not be transmitted in plaintext over unsecured networks. The use of md5 authentication provides slightly better security, but can still allow accounts to be compromised by a determined attacker. SSL encryption is a superior alternative. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.

Rule: Check SSL for increased security
Recommendation: Consider requiring SSL.
Trigger: ssl = on in postgresql.conf, but no hostssl lines in pg_hba.conf
Severity: Medium

Description: SSL encrypts passwords and all data transmitted over the connection, providing increased security. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.
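The five triggers above can be checked offline against a server's configuration files. The following is an added example, not code from the PEM product or its documentation: it parses constructed postgresql.conf and pg_hba.conf fragments with a deliberately simplified grammar (no include directives, no @file user lists) and applies each trigger as written. The sets LOCAL_ADDRS and LOOPBACK_ADDRS are assumptions chosen to match the addresses named in the triggers, and the sample configurations are constructed, showing the weak settings each rule flags beside a hardened version that uses hostssl and scram-sha-256 and raises no findings.

```python
import re
import shlex

# listen_addresses values that rules 1 and 2 treat as "local connections only".
LOCAL_ADDRS = {"localhost", "127.0.0.1", "::1"}
# pg_hba.conf address forms that match only the local host (rule 3).
LOOPBACK_ADDRS = {"127.0.0.1", "127.0.0.1/32", "::1", "::1/128"}


def parse_postgresql_conf(text):
    """Return {name: value} for simple `name = value` lines; comments are stripped.
    Simplified: no 'include' directives, no escaped quotes inside values."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings[name.strip().lower()] = value.strip().strip("'\"")
    return settings


def parse_pg_hba(text):
    """Return one dict per pg_hba.conf entry: type, database, user, address, method.
    Handles CIDR and "IP netmask" address forms; 'local' entries carry no address."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        f = shlex.split(line)  # whitespace-separated, double quotes honoured
        ctype = f[0].lower()
        if ctype == "local" and len(f) >= 4:
            entries.append({"type": ctype, "database": f[1], "user": f[2],
                            "address": None, "method": f[3].lower()})
        elif len(f) >= 5:
            address, method_idx = f[3], 4
            # "IP netmask" form: a separate netmask field made of hex digits, dots, colons
            if "/" not in address and len(f) >= 6 and re.fullmatch(r"[0-9a-fA-F.:]+", f[4]):
                address, method_idx = f"{f[3]}/{f[4]}", 5
            entries.append({"type": ctype, "database": f[1], "user": f[2],
                            "address": address, "method": f[method_idx].lower()})
    return entries


def evaluate(settings, entries):
    """Apply the five Security Expert rules; return sorted (rule, severity) findings."""
    findings = set()
    ssl_on = settings.get("ssl", "off").lower() in {"on", "true", "yes", "1"}
    listen = {a.strip() for a in settings.get("listen_addresses", "localhost").split(",")}
    local_only = listen <= LOCAL_ADDRS
    if ssl_on and local_only:
        findings.add(("Check SSL for improved performance", "Low"))
    if not ssl_on and not local_only:
        findings.add(("Check SSL for improved connection security", "Medium"))
    if ssl_on and not any(e["type"] == "hostssl" for e in entries):
        findings.add(("Check SSL for increased security", "Medium"))
    for e in entries:
        if e["type"] == "local":
            continue  # UNIX-socket entries never cross the network
        if e["method"] in {"trust", "ident"} and e["address"] not in LOOPBACK_ADDRS:
            findings.add(("Check TRUST authentication is disabled", "High"))
        if e["type"] in {"host", "hostnossl"} and e["method"] == "password":
            findings.add(("Check Password authentication on unsecured networks", "High"))
    return sorted(findings)


def audit(postgresql_conf, pg_hba):
    """Convenience wrapper: parse both files and evaluate the rules."""
    return evaluate(parse_postgresql_conf(postgresql_conf), parse_pg_hba(pg_hba))


# Constructed sample (not from any real server): network-exposed with SSL off,
# trust for a whole /8 and plaintext passwords for a /24.
WEAK_POSTGRESQL_CONF = """
listen_addresses = '*'   # accept connections on every interface
ssl = off
port = 5432
"""
WEAK_PG_HBA = """
# TYPE      DATABASE  USER  ADDRESS                    METHOD
local       all       all                              peer
host        all       all   127.0.0.1/32               md5
host        all       all   10.0.0.0/8                 trust
hostnossl   all       all   192.168.1.0 255.255.255.0  password
"""
# The same server after applying the recommendations: SSL on and required via hostssl.
HARDENED_POSTGRESQL_CONF = """
listen_addresses = '*'
ssl = on
"""
HARDENED_PG_HBA = """
local       all       all                   peer
host        all       all   127.0.0.1/32    scram-sha-256
hostssl     all       all   10.0.0.0/8      scram-sha-256
"""

if __name__ == "__main__":
    for label, conf, hba in (("weak", WEAK_POSTGRESQL_CONF, WEAK_PG_HBA),
                             ("hardened", HARDENED_POSTGRESQL_CONF, HARDENED_PG_HBA)):
        print(label, audit(conf, hba))
```

Running the script reports three findings for the weak configuration (rules 2, 3 and 4) and none for the hardened one; a server with ssl = on but listen_addresses = 'localhost' and no hostssl lines triggers rules 1 and 5 instead.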