How Secure Is Your Database? Hacking Postgres with Hathi - Network Security and Authentication

Explore PostgreSQL database security vulnerabilities and learn how to protect against them in this conference talk from Citus Con: An Event for Postgres 2022. Discover the intricacies of Postgres network security, common flaws in pg_hba.conf configurations, and potential username and password vulnerabilities. Follow along as Anthony Shaw demonstrates the use of Hathi, an open-source dictionary attack tool, to identify and address insecure PostgreSQL setups. Gain valuable insights into network attack vectors, DMZs, and essential tips for enhancing Postgres database security. Watch a live demo of Hathi in action and participate in a Q&A session to deepen your understanding of database protection strategies.

Introduction.
Network security in Postgres.
Typical authentication workflow in Postgres.
Can I guess your login?.
Can I guess your password?.
Using Hathi to hack Postgres.
Installing & running Hathi.
Demo.
How can we solve the network security problem?.
Q&A with Anthony & Aaron.