Day Job Blogging - PostgreSQL set_user Extension
For my day job, I’ve been posting about the set_user extension, which BigSQL now includes in our Postgres distros.
Here is the first post (I’m writing a series and will add as I move along). It’s a necessary enhancement to your PostgreSQL in today’s world of data breaches. Read on…
BigSQL + set_user Extension
We are excited to announce our newest addition to the available components with BigSQL PostgreSQL Windows, Linux, and OSX distributions: set_user 1.4.0!
And… to kick it off, we will be writing multiple posts about this essential security extension.
But first (for the uninitiated) some context…
Since the Sarbanes–Oxley Act passed in 2002 as a response to the Enron/Tyco/WorldCom scandals, auditing a user’s (esp. superuser’s) access and interactions with data has become a requirement by law for publicly owned companies:
Section 302.4.B – Establish verifiable controls to track data access. Requires internal controls over data, so that officers are aware of all relevant data for reporting purposes. Data must exist in a verifiably secure framework which is internally controlled.
Companies storing financial data are particularly attractive targets for attackers, as the recent Equifax breach reiterated.
In addition, organizations that handle human subject data (e.g. health and research) are bound by HIPAA and/or IRB rules, violations of which can result in jail time.
And… as fear of hacking, invasion of privacy, and possibly worse in an uncertain technological future creeps into our collective consciousness… securing our data has become a top priority for all IT professionals.
No company (or DBA) wants to end up as a headline in the daily news or the inspiration for the plot of another modern day dystopian television show.
set_user extension
Panicking yet? Well, you can take some proactive measures to better secure your data and avoid disaster. One component you can add to your security toolbox is the PostgreSQL set_user extension, which provides:
Privilege escalation control at a granular level; and the required audit trail of actions taken by a user while their privileges are escalated.
Anyone who has worked on modern Linux distros is familiar with the use of sudo to control access to root (the OS superuser). set_user is the same, but for your database.
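To make the sudo analogy concrete, here is an added illustration of the escalate / act / de-escalate cycle set_user supports. It is not code from the BigSQL post or from the extension’s own documentation; the role names (app_dba, the superuser postgres, reporting_user) are assumed for the example, and the exact log wording depends on the set_user version (1.4.0 here), so treat the comments describing log output as approximate.

```sql
-- Added example of the sudo-like workflow set_user provides; not code from
-- the BigSQL post. Role names are assumed for illustration. The library must
-- also be listed in shared_preload_libraries in postgresql.conf so its
-- logging hook is loaded before the extension is used.

-- 1. One-time setup, run as a superuser.
CREATE EXTENSION set_user;

-- 2. Decide who may "sudo": escalation is controlled by EXECUTE privilege
--    on the set_user() function, so revoke it from everyone and grant it
--    only to the roles that need it (assumed role: app_dba).
CREATE ROLE app_dba LOGIN PASSWORD 'example-only-change-me';
REVOKE EXECUTE ON FUNCTION set_user(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION set_user(text) TO app_dba;

-- 3. Connected as app_dba: escalate, do the privileged work, drop back down.
--    Each transition is written to the server log, which is the audit trail.
SELECT set_user('postgres');          -- log: app_dba transitioning to postgres
SELECT current_user;                  -- now reports postgres
CREATE ROLE reporting_user NOLOGIN;   -- privileged action, performed as postgres
SELECT reset_user();                  -- log: postgres reverting to app_dba
SELECT current_user;                  -- back to app_dba

-- A role that was never granted EXECUTE on set_user(text) gets a permission
-- denied error on step 3, which is the "granular control" part.
```

While a session is escalated, set_user also forces statement logging on by default, so the audit trail covers not just the transition but the statements run in between; the configuration knobs that control this (and what is blocked during escalation) are the subject of the later posts in this series.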
And… it is now available with the BigSQL distribution.
So, are you sufficiently scared to stop procrastinating and take action? Are you ready to add enhanced logging and control on your superusers?
Over the next few days, we will be releasing posts that cover installation, configuration, instruction, logging, and the advanced security options available.
Up first… Part 1: set_user Installation and Set-Up.