DEV Community

Pacharapol Withayasakpunt
Pacharapol Withayasakpunt

Posted on

2

How do YOU secure your remote database?

The simplest example would be MongoDB Atlas. Which IP addresses do you allow in development? (Why can't it be secured by SSH in development? Also, considering you work on the move, using mobile hotspot, how do you deal with it?)

Harder example is self managed DO droplet / VPS. How much do allow for ufw allow $PORT/tcp, or ufw allow from $IP to any proto tcp port $PORT?

At least in Postgres + DigitalOcean, I have to allow in three (3) places.

# /etc/postgresql/12/main/pg_hba.conf
host all all 0.0.0.0/0 md5
Enter fullscreen mode Exit fullscreen mode

My settings is actually host $DB $USER 0.0.0.0/0 md5, but what the heck is Subnet mask?

# /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
Enter fullscreen mode Exit fullscreen mode
sudo ufw allow 5432/tcp
Enter fullscreen mode Exit fullscreen mode

But, isn't ALLOW ALL just bait for security hell?

Top comments (0)

Image of Docusign

🛠️ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more