
Defense in Depth

Information Assurance and Security in the Database

PgDCP requires database-first security, which means PostgreSQL schemas, users, roles, permissions, and row-level security (RLS) should drive all data security requirements. Role-based access control (RBAC) and attribute-based access control (ABAC) should be implemented in PostgreSQL stored routines. If necessary, ldap2pg can be used to synchronize roles with LDAP.

Because all our API functionality (except for serving the endpoints) will also be in the database, we want to ensure that we secure views, stored procedures, and stored functions as if they were the API endpoints. The OWASP API Security Project provides some great advice.

Zero Trust SQL (ztSQL) for Zero Trust Data Access (ZTDA)

Zero Trust is a generally accepted cybersecurity approach that eliminates implicit trust in favor of continuously validating each stage of digital interactions. PgDCP encourages the same “never trust, always verify” approach with Zero Trust SQL (ztSQL). ztSQL is designed to protect database environments and enable faster development by allowing anyone to run any SQL while leveraging row-level security, attribute-based access control, role-based access control, and data segmentation within the database. Granular, “least access” policies should be implemented within the database so that Zero Trust Data Access (ZTDA) is possible.
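The following added example (not PgDCP's own code) sketches how RBAC grants, an ABAC attribute lookup, and RLS policies combine on one table so that a caller running arbitrary SQL still sees only its own tenant's rows. Every object name in it (the `app` schema, the `clinician` and `auditor` roles, `patient_note`, `subject_attribute`, `my_tenant`) is a hypothetical chosen for illustration.

```sql
-- Added example. All names below are hypothetical, not PgDCP objects.
BEGIN;
CREATE SCHEMA app;
CREATE ROLE clinician NOLOGIN;   -- RBAC group roles; login users are made members
CREATE ROLE auditor   NOLOGIN;

-- ABAC attribute store: the tenant each login role belongs to.
-- No grants are issued on it, so callers cannot read or alter their attributes.
CREATE TABLE app.subject_attribute (
    rolname   name PRIMARY KEY,
    tenant_id text NOT NULL
);

-- Attribute lookup exposed as a function. It keys on session_user because a
-- caller running arbitrary SQL can change a custom setting or SET ROLE.
CREATE FUNCTION app.my_tenant() RETURNS text
    LANGUAGE sql STABLE SECURITY DEFINER
    SET search_path = pg_catalog, pg_temp
AS $$ SELECT tenant_id FROM app.subject_attribute WHERE rolname = session_user $$;

-- Functions are executable by PUBLIC by default; treat this one like an endpoint.
REVOKE ALL ON FUNCTION app.my_tenant() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app.my_tenant() TO clinician, auditor;

CREATE TABLE app.patient_note (
    note_id   bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id text NOT NULL,                       -- data segmentation key
    author    name NOT NULL DEFAULT session_user,
    body      text NOT NULL
);

-- RBAC: coarse privileges per role.
GRANT USAGE ON SCHEMA app TO clinician, auditor;
GRANT SELECT, INSERT ON app.patient_note TO clinician;
GRANT SELECT ON app.patient_note TO auditor;

-- RLS: row filtering applies to every query, including the table owner's.
ALTER TABLE app.patient_note ENABLE ROW LEVEL SECURITY;
ALTER TABLE app.patient_note FORCE ROW LEVEL SECURITY;

-- A NULL from my_tenant() makes the comparison not true: no rows (fail closed).
CREATE POLICY tenant_read ON app.patient_note
    FOR SELECT TO clinician, auditor
    USING (tenant_id = app.my_tenant());

CREATE POLICY tenant_write ON app.patient_note
    FOR INSERT TO clinician
    WITH CHECK (tenant_id = app.my_tenant() AND author = session_user);
COMMIT;
```

Superusers and roles with `BYPASSRLS` are not subject to these policies, so application logins should hold neither attribute.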

Securing Access to the Database

If all access management is in the database, then securing access to the database is paramount. To that end, see: