In the digital age, privacy and data integrity have become two of the most talked about areas of computing. It seems
that almost every day someone else has been cracked, or a new security hole has been found in an application
you once trusted.
At the same time, the encrypting of data sessions has become veritably common place amongst computer users. Every
reputable e-commerce site uses
(the Secure Sockets Layer) to protect user data while transmitting
personal information such as credit cards and home addresses across the Internet.
The most common type of crack executed on a machine is not really a "crack" at all. It is usually an unsuspecting
user trusting a protocol such as POP or FTP to transfer information over the Internet. By using these protocols, the user
can unknowingly transmit their login and password in
(in an unencrypted form) over the
The transmission of data such as login names and passwords in clear text over the Internet means that anybody using a
program (an application that listens to network traffic between two parties) could potentially
gain access to your most personal information. In the world of databases, this scenario is no different.
If you connect remotely to PostgreSQL without the use of an encryption technology, there is a potential for misuse by
crackers on the Internet. If a cracker uses a sniffer on your network, or on a network between your client and the database
server that you are connecting to, they can gain complete access to the information that is stored within PostgreSQL.
We will cover three general methods of encrypting your data between PostgreSQL and client connections:
- Built-in SSL
The built-in PostgreSQL SSL support, enabled with the
flag at compilation, allows
(or any client written specifically to connect to
PostgreSQL through SSL) to connect securely to PostgreSQL.
(Secure SHell) session may be used to create a
a remote server, provided that an SSH daemon (e.g.,
) is installed and accessible by the connecting
user. This requires shell access to the system running PostgreSQL for each user who wishes to connect.
Stunnel is an application which creates an encrypted tunnel between a client and the
PostgreSQL server. The Stunnel method requires shell access to set up, but may be configured to run on a client
system for a user who does not have direct shell access to the remote server.