PostgreSQL supports several options for securing communications when
deployed outside the typical webserver/database combination, or in
high security environments. This talk will go into some details about
the features that make this possible. The main areas discussed are:
* Securing the PostgreSQL infrastructure and runtime environment
* Securing the channel between client and server using SSL, including
an overview of the threats and how to secure against them
* Securing the login process with methods including LDAP, Kerberos or
Magnus Hagander is a member of the PostgreSQL Core Team and a developer and code committer in the PostgreSQL Global Development Group. Magnus is one of the original developers of the Windows port of PostgreSQL, and currently a part of the team that maintains it. These days, he mostly works on other parts of the PostgreSQL backend, recently with a focus on security features such as authentication and encryption. He is also one of the core members of the postgresql.org infrastructure team, maintaining the servers that power the project, and one of the maintainers of the postgresql.org website. He also contributes to pgAdmin and other related projects. He’s been a PostgreSQL user since version 6 (with some non-serious use of Postgres 95 before that), and currently serves on the Core Team and as President of the Board for PostgreSQL Europe.
To pay the bills, he is a PostgreSQL and open source software consultant at Redpill Linpro in Stockholm, Sweden, where he works on consulting, support and training services, as well as custom development work.