Book Image

PostgreSQL 10 Administration Cookbook - Fourth Edition

By : Simon Riggs, Gianni Ciolli
Book Image

PostgreSQL 10 Administration Cookbook - Fourth Edition

By: Simon Riggs, Gianni Ciolli

Overview of this book

PostgreSQL is a powerful, open source database management system with an enviable reputation for high performance and stability. With many new features in its arsenal, PostgreSQL 10 allows users to scale up their PostgreSQL infrastructure. This book takes a step-by-step, recipe-based approach to effective PostgreSQL administration. Throughout this book, you will be introduced to these new features such as logical replication, native table partitioning, additional query parallelism, and much more. You will learn how to tackle a variety of problems that are basically the pain points for any database administrator - from creating tables to managing views, from improving performance to securing your database. More importantly, the book pays special attention to topics such as monitoring roles, backup, and recovery of your PostgreSQL 10 database, ensuring high availability, concurrency, and replication. By the end of this book, you will know everything you need to know to be the go-to PostgreSQL expert in your organization.
Table of Contents (14 chapters)

Checking whether all users have a secure password

PostgreSQL has no built-in facilities to make sure that you are using strong passwords.

The best you can do is to make sure that all user passwords are encrypted, and that your pg_hba.conf file does not allow logins with a plain password. That is, always use the SCRAM-SHA-256 the login method for users, which is new in PostgreSQL 10. Any servers upgrading from earlier versions should upgrade from md5 to SCRAM-SHA-256 password encryption.

For client applications connecting from trusted private networks, either real or virtual (VPN), you may use host-based access, provided you know that the machine on which the application is running is not used by some non-trusted individuals. For remote access over public networks, it may be a better idea to use SSL client certificates.