DEV Community

Pacharapol Withayasakpunt

How do YOU secure your remote database?

The simplest example would be MongoDB Atlas. Which IP addresses do you allow in development? (Why can't it be secured by SSH in development? Also, considering you work on the move, using mobile hotspot, how do you deal with it?)

A harder example is a self-managed DO droplet / VPS. How much do you allow for `ufw allow $PORT/tcp`, or `ufw allow from $IP to any proto tcp port $PORT`?

At least in Postgres + DigitalOcean, I have to allow in three (3) places.

```conf
# /etc/postgresql/12/main/pg_hba.conf
host all all 0.0.0.0/0 md5
```

My setting is actually `host $DB $USER 0.0.0.0/0 md5`, but what the heck is a subnet mask?

```conf
# /etc/postgresql/12/main/postgresql.conf
listen_addresses = '*'
```

```sh
sudo ufw allow 5432/tcp
```

But, isn't ALLOW ALL just bait for security hell?
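
An added example, not part of the original post: a small Python check that reads `pg_hba.conf` rules like the one above and reports how many source addresses each rule admits. The number after the slash is the count of leading address bits that must match, so `/0` matches every IPv4 address and `/32` exactly one; `audit_pg_hba`, the `max_addresses` threshold and the sample rules are constructed for illustration.

```python
import ipaddress

# Connection types in pg_hba.conf that carry an address column.
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample rules (documentation address ranges), not from the post.
SAMPLE = """\
# TYPE  DATABASE USER    ADDRESS                 METHOD
local   all      all                             peer
host    all      all     0.0.0.0/0               md5
host    appdb    appuser 203.0.113.7/32          scram-sha-256
host    appdb    appuser 10.0.0.0 255.255.255.0  md5
hostssl appdb    appuser 198.51.100.0/22         scram-sha-256
"""


def audit_pg_hba(text, max_addresses=256):
    """Return (line_no, network, address_count, method) for every host rule
    whose address range covers more than max_addresses (hypothetical threshold).
    Simplification: quoted fields and include directives are not handled."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or fields[0] not in HOST_TYPES:
            continue
        addr, rest = fields[3], fields[4:]
        try:
            if addr == "all":                     # keyword: any address
                net = ipaddress.ip_network("0.0.0.0/0")
            elif "/" in addr:                     # CIDR form: 203.0.113.7/32
                net = ipaddress.ip_network(addr, strict=False)
            else:                                 # "IP MASK" two-column form
                net = ipaddress.ip_network(f"{addr}/{rest[0]}", strict=False)
                rest = rest[1:]
        except ValueError:
            continue                              # hostname, samehost, samenet
        if net.num_addresses > max_addresses and rest:
            findings.append((line_no, str(net), net.num_addresses, rest[0]))
    return findings


if __name__ == "__main__":
    for line_no, net, count, method in audit_pg_hba(SAMPLE):
        print(f"line {line_no}: {net} admits {count} source addresses ({method})")
```

Run against the sample, it flags the `0.0.0.0/0` rule and the `/22` rule while leaving the single-host `/32` entry alone.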
