DEV Community

Pacharapol Withayasakpunt
Pacharapol Withayasakpunt

Posted on

How do YOU secure your remote database?

The simplest example would be MongoDB Atlas. Which IP addresses do you allow in development? (Why can't it be secured by SSH in development? Also, considering you work on the move, using mobile hotspot, how do you deal with it?)

Harder example is self managed DO droplet / VPS. How much do allow for ufw allow $PORT/tcp, or ufw allow from $IP to any proto tcp port $PORT?

At least in Postgres + DigitalOcean, I have to allow in three (3) places.

# /etc/postgresql/12/main/pg_hba.conf
host all all 0.0.0.0/0 md5
Enter fullscreen mode Exit fullscreen mode

My settings is actually host $DB $USER 0.0.0.0/0 md5, but what the heck is Subnet mask?

# /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
Enter fullscreen mode Exit fullscreen mode
sudo ufw allow 5432/tcp
Enter fullscreen mode Exit fullscreen mode

But, isn't ALLOW ALL just bait for security hell?

Top comments (1)