PostgreSQL Security Hardening
Secure PostgreSQL: use scram-sha-256 authentication in pg_hba.conf, enable SSL, change the postgres superuser password, and grant apps only the minimum required permissions. Block direct internet access to port 5432.
Securing PostgreSQL
- Set a strong password for the postgres superuser
- Edit pg_hba.conf to restrict access by IP
- Use SSL connections in production
- Create application-specific roles with minimal privileges
- Enable log_connections and log_disconnections
- Regularly audit pg_stat_activity
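The pg_hba.conf advice above (restrict by IP, prefer scram-sha-256, require SSL) is easy to get wrong in a file with many rules, so the following added example is a small audit script that parses pg_hba.conf entries and flags the weak patterns. It is not code from the original article or from the PostgreSQL project; the sample file embedded in it is constructed for illustration, and the severities and messages are this script's own choices.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample pg_hba.conf (not taken from any real server).
SAMPLE_PG_HBA = """\
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             postgres                                peer
host    all             all             127.0.0.1/32            trust
host    all             all             0.0.0.0/0               md5
hostssl appdb           app_user        10.0.0.0/8              scram-sha-256
host    appdb           app_user        10.1.2.0/24             scram-sha-256
hostnossl all           all             192.168.0.0/16          scram-sha-256
"""

# Methods that either skip authentication or rely on weak password hashing.
WEAK_METHODS = {"trust", "password", "md5"}


@dataclass
class HbaEntry:
    conn_type: str          # local, host, hostssl, hostnossl, ...
    database: str
    user: str
    address: Optional[str]  # None for 'local' entries
    method: str
    line_no: int


def parse_pg_hba(text: str) -> List[HbaEntry]:
    """Parse the common single-line forms of pg_hba.conf (CIDR addresses;
    the separate 'IP MASK' two-column form is not handled)."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local":
            if len(fields) >= 4:
                entries.append(HbaEntry(fields[0], fields[1], fields[2], None, fields[3], line_no))
        elif len(fields) >= 5:
            entries.append(HbaEntry(fields[0], fields[1], fields[2], fields[3], fields[4], line_no))
    return entries


def is_wide_open(address: Optional[str]) -> bool:
    """True when the ADDRESS column matches every client (all, 0.0.0.0/0, ::/0)."""
    if address is None:
        return False
    if address == "all":
        return True
    try:
        return ipaddress.ip_network(address, strict=False).prefixlen == 0
    except ValueError:
        return False  # hostname, samehost, samenet: cannot judge statically


def is_loopback(address: Optional[str]) -> bool:
    if address is None:
        return False
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False


def audit_pg_hba(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, severity, message) findings for weak entries."""
    findings = []
    for e in parse_pg_hba(text):
        if e.method == "trust":
            findings.append((e.line_no, "critical", "'trust' grants access with no authentication"))
        elif e.method in WEAK_METHODS:
            findings.append((e.line_no, "high",
                             f"'{e.method}' relies on weak password hashing; use scram-sha-256"))
        if is_wide_open(e.address):
            findings.append((e.line_no, "high",
                             f"address '{e.address}' accepts connections from any host"))
        # 'host' allows plaintext TCP and 'hostnossl' forbids TLS; remote
        # clients should be forced through 'hostssl' instead.
        if e.conn_type in ("host", "hostnossl") and not is_loopback(e.address):
            findings.append((e.line_no, "medium",
                             f"'{e.conn_type}' does not require TLS for remote clients; use hostssl"))
    return findings


if __name__ == "__main__":
    for line_no, severity, message in audit_pg_hba(SAMPLE_PG_HBA):
        print(f"line {line_no}: [{severity}] {message}")
```

Run it against a copy of your own pg_hba.conf by reading the file into `audit_pg_hba`; an empty result means every remote rule is `hostssl` with scram-sha-256 and a bounded CIDR. Remember that scram-sha-256 in pg_hba.conf only works for roles whose password was stored with that hashing, so `password_encryption` in postgresql.conf must also be scram-sha-256 before passwords are reset.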
```
# postgresql.conf
ssl = on
log_connections = on
```