On Mon, 31 Aug 2020 at 6:58, Yogesh Sharma <yogeshra...@gmail.com> wrote:

> Dear All,
> Thanks for your support.
>
> We faced the below issue and all our DB backup data has been lost.
>
> It seems a hacker deleted all the tables in the DB and created a single
> table called "warning". When I try to select from this table, it
> shows an error (relation "warning" does not exist). The hacker created one more
> database, "please_read_me_xmg", with a single 'warning' table.
>
> Could you please let us know how we can secure the postgres DB from
> hackers? Although we have specified only one IP in the pg_hba.conf file instead
> of all.
>

pg_hba.conf is not enough protection against SQL injection. Probably your application is vulnerable to SQL injection.

The basic security mechanism is using more roles - one role as table and database owner, second role(s) for applications. In this case the attacker cannot change the schema if they compromise some application roles.

You can use another mechanism like RLS - row level security, ...

Regards

Pavel
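
The owner/application role split described in the reply above, as an added example that is not part of the original message. The role, database, schema and table names (app_owner, app_rw, appdb, app, orders) and the password are hypothetical placeholders.

```sql
-- Added example; every name and the password below are constructed placeholders.
-- Run the setup as a superuser.

-- Owner role: owns all schema objects and is used only for migrations.
-- NOLOGIN means nobody can authenticate as it directly.
CREATE ROLE app_owner NOLOGIN;

-- Application role: the only role the application connects as.
CREATE ROLE app_rw LOGIN PASSWORD 'change-me'
    NOSUPERUSER NOCREATEDB NOCREATEROLE;

CREATE DATABASE appdb OWNER app_owner;
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_rw;

-- The remaining statements run while connected to appdb.

-- Before PostgreSQL 15, PUBLIC may create objects in schema public by default.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- Dedicated schema owned by the owner role; the application gets USAGE only.
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_rw;

SET ROLE app_owner;
CREATE TABLE app.orders (
    id      bigserial PRIMARY KEY,
    payload text NOT NULL
);

-- DML only: no TRUNCATE and no ownership, so no DROP or ALTER.
-- Grant DELETE only on tables where the application really needs it.
GRANT SELECT, INSERT, UPDATE, DELETE ON app.orders TO app_rw;
GRANT USAGE ON SEQUENCE app.orders_id_seq TO app_rw;

-- Objects app_owner creates later get the same limited grants.
ALTER DEFAULT PRIVILEGES IN SCHEMA app
    GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO app_rw;
ALTER DEFAULT PRIVILEGES IN SCHEMA app
    GRANT USAGE ON SEQUENCES TO app_rw;
RESET ROLE;

-- Check as the application role: both statements must fail.
SET ROLE app_rw;
DROP TABLE app.orders;        -- refused: app_rw is not the owner
CREATE TABLE app.t (i int);   -- refused: no CREATE privilege on schema app
RESET ROLE;
```

With this layout a compromised application session can still read and modify rows it has been granted, so the split limits schema damage but does not replace fixing the injection itself or keeping backups outside the database host.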