Summary

By default, PostgreSQL is a secure database compared to other database systems. It has not had unauthenticated buffer overflow vulnerabilities in the core database, nor does it install with default passwords. The granularity provided by the access control mechanism (in pg_hba.conf) potentially makes the database difficult to attack without an initial foothold, such as a SQL injection vulnerability.

This chapter has demonstrated, however, that once a foothold has been gained, it is possible to escalate privileges and ultimately execute commands as the operating system database user. At this point, many other database systems would yield full control of the system given the elevated privilege that they run under. Additional effort is required on a system running PostgreSQL because it will run only under a low-privileged account.
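
How the pg_hba.conf granularity mentioned in this summary works, as an added example that is not from the book: rules are read top to bottom and the first matching rule decides the authentication method. The sample file and the function names are constructed for illustration, and only `local`/`host*` records with CIDR addresses are handled.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the book); first matching rule wins.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER      ADDRESS        METHOD
local    all       postgres                 peer
hostssl  appdb     appuser   10.0.5.0/24    scram-sha-256
host     all       all       10.0.0.0/8     reject
host     all       all       0.0.0.0/0      trust
"""

def parse_hba(text):
    """Parse local/host* records with CIDR addresses (a subset of the format)."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            ctype, db, user, method = fields[:4]
            addr = None
        else:
            ctype, db, user, cidr, method = fields[:5]
            addr = ipaddress.ip_network(cidr, strict=False)
        rules.append({"type": ctype, "db": set(db.split(",")),
                      "user": set(user.split(",")), "addr": addr, "method": method})
    return rules

def match_method(rules, ctype, db, user, client_ip=None, ssl=False):
    """Return the auth method of the first matching rule, or None if no rule matches."""
    for r in rules:
        if (ctype == "local") != (r["type"] == "local"):
            continue  # socket rules never match TCP connections and vice versa
        if r["type"] == "hostssl" and not ssl:
            continue
        if r["type"] == "hostnossl" and ssl:
            continue
        if r["addr"] is not None and ipaddress.ip_address(client_ip) not in r["addr"]:
            continue
        if {"all", db} & r["db"] and {"all", user} & r["user"]:
            return r["method"]
    return None

def trust_rules(rules):
    """Rules that admit clients with no credential check at all."""
    return [r for r in rules if r["method"] == "trust"]

RULES = parse_hba(SAMPLE_HBA)
```

In the sample, the final catch-all `trust` line is the weak setting: any client outside 10.0.0.0/8 reaches it and is admitted without a password, which `trust_rules` flags for review.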



Database Hacker's Handbook. Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156
