googlekong

Secure PostgreSQL

Once you have created a new database and user for your application, connect your applications to the PostgreSQL server using that database and password.

It is strongly recommended that you do not have empty passwords for any user accounts when using the server for any production work.

Allow remote access only from the database user associated with the database name by editing the pg_hba.conf file on the database server host as explained below.

  • Comment out the line that allow remote access to all users, if it exists, by placing a hash symbol (#) before it:

      #host all all all md5
    
  • Add a line for the new user:

      host DATABASE_NAME USER_NAME all md5
    
  • If your application will be connected from a fixed domain or IP address, you should update your pg_hba.conf file to only accept connections from that server instead:

      host DATABASE_NAME USER_NAME applicationserver.domain.com md5
    

    or

      host DATABASE_NAME USER_NAME IP_ADDRESS 255.255.255.255 md5
    
  • Change your postgres user password as explained in this section.

Last modification December 21, 2022