PostgreSQL Security



My first “in-person” class of my graduate program was a discussion on the security of PostgreSQL given by Bruce Momjian.  Not surprisingly, PostgreSQL offers a full range of SSL support and a slew of encryption options.  As impressive as the options are, the challenge, it seems to me, is in deciding what trade-offs make sense for a particular employment.

For example, if one chooses column-level encryption, then that data is not only encrypted to malicious entities, but to friendly daemons like the statistics collector.  There are definitely some interesting systems engineering decisions that need to be made when deciding what data is critical enough to be encrypted.

On the TLS side, I couldn’t help but think of Adam Langley’s (Google Chrome TLS guy) talk from HOPE#9, which I unfortunately did not attend, but fortunately the audio is now posted!  Essentially, if the state of web SSL is as bad as he says it is, I wonder how many databases actually have SSL incorporated correctly?  Of course, security is a multi-pronged beast and SSL isn’t going to help you when somebody steals the hard drive with your database on it.

Having taken classes only online, I took advantage of this antiquated medium (going to class in person is so 2011) and asked a lot of questions, probably much to the chagrin of my fellow students.  But, it was a nice change of pace and I can see why so many physical study groups have sprung up from the Coursera courses.


Emacs and PostgreSQL

One of the nice things about going to grad school is that I really get to refine my Emacs fu.  I’m taking this database class where we are using PostgreSQL and I’m using Emacs’ minor SQL modes and I’m very impressed.  Now, I’m no Emacs knight, nor do I have the Emacs-fu of the Emacs Rocks guy, but like any good student of zen, I’m maintaining a beginner’s mind (which is pretty easy to do with Emacs since it does pretty much everything).

Using the latest Aquamacs. BTW, I really like the new version of Gimp (which I used to blur the data). The left pane is my .emacs file since the queries are graded homework.

So, with the setup in the screenshot and working in the SQL minor mode, once I’ve written my query, I can shoot it over to the SQL Interpreter with a quick ^C-^C, which then runs the query and outputs the results, meanwhile the point stays right where I left it!  Logging into the database is easy by firing off M-x sql-postgres and entering your credentials.  This mode is even more essential when SSHing into the department CS machines, where I then must connect to a remote DB server, only accessible from another CS department machine.  Since this all is done in Emacs, in one screen, I have a complete SQL IDE, which is great.

This may seem a bit archaic to some to still use Emacs when there are other, more intuitive interfaces out there.  But even those vim users can appreciate that there is much to be had for learning the same tool and using it everywhere.  Admittedly, in this area I need some attention since I’m writing this post now in WordPress’ online editor, and I actually like Eclipse’s intellisense, and I’m tied to a proprietary editor at my day job.  But besides WordPress, Eclipse, Mail, roads, public order and sanitation, what has Emacs done for us!?!  Brought peace?!

Real Programmers
xkcd #378. I’m glad to see there is actually an M-x Butterfly easter egg in Emacs 🙂

Areas where I think I can realistically incorporate Emacs:

  1. First draft of blog posts.  100% integration looks a bit wonky with WordPress and I’m still in that baby-blogger phase where I bounce back and forth from the preview to the edit screen and make tweaks.  But the main draft can (and should) be authored from Emacs.
  2. Code more in Emacs.  For any of the scripting languages this is easy.  For C and C++, this isn’t too hard for me either since I never really grew up on Visual Studio, but for Java… Typing this. and then seeing a list of options is very handy.  Except when I had this kick where I was over-using reflection, then Eclipse can’t really keep up…
  3. Email.  I checked out gnus the other day and while I see how an Emacs-only mail client can be done, with so much inline HTML these days, I’m not sure if it’s worth it.  But I’m poking a stick at this bear and I’ll probably come back to it.
  4. \LaTeX.  I love \LaTeX.  Once I learned WordPress supported this, I was even more addicted to WordPress.  My résumé, presentations, papers, letters (when I must actually print one out), are all done in lovable \LaTeX.  If you find yourself cursing at M$ Word, take the red pill my friend.  And then you’ll start cursing weird compile errors, but worry about that after you take the pill…  Many thanks to Brent over at The Math Less Traveled for showing me this!

Well, that’ll keep me busy for a while 🙂

Emacs mug, which sold out in less than a day! Under the mug, the book I’m currently reading. Behind it, some Leuchtturm 1917s and Umberto Eco’s Baudolino, which I’m half-way through and from which I’m taking a break and of course, a WIRED.