A PostgreSQL That Emphasizes Data Security: AgensSQL

Published in AGEDB , 3 min read, Apr 17

Nowadays, the importance of data security has never been more critical, especially with sensitive information to be maintained by databases. AgensSQL is a powerful and reliable relational database built atop the solid foundation of PostgreSQL, but it takes the security level to a higher limit for any data structure, providing much flexibility and empowering what PostgreSQL is known for.

AgensSQL: Security at Its Core

AgensSQL basically builds on a solid PostgreSQL and adds more features that are also meant to provide support for security. This relational database ensures companies operate on data with security, as it is also built at the core of the application. Let's discuss its main security features, with a little more emphasis on the database audit.

Data Masking: Protecting Sensitive Information

This provides critical security benefits that make data masking an attractive enforcement capability. The nature of such a facility dictates ensuring that only a view relevant to a person sensitive to information is obtained, for example, by providing an asterisk view instead of the real credit card numbers to be seen by a customer service representative. And that is exactly how AgensSQL protects personal and confidential information from unwanted exposure to unauthorized personnel while allowing this database to be used in tests and developments.

Password Profiling: Strengthening Access Control

AgensSQL significantly enhances security with its password profiling feature, which establishes comprehensive rules for password management. This feature enriches PostgreSQL's security by not just enforcing password complexity but by introducing several mechanisms to safeguard user access:

Monitoring Failed Login Attempts: AgensSQL keeps track of failed login attempts, providing visibility into potential unauthorized access attempts.
Account Lockout: To prevent brute force attacks, accounts are automatically locked after too many failed login attempts, enhancing the security of the relational database.
Password Expiration and Grace Periods: Passwords can be marked for expiration, with a grace period defined for users to update their password, ensuring passwords are regularly updated and remain secure.
Complexity Requirements: Password profiling mandates rules for password complexity, such as the use of uppercase and lowercase letters, numbers, and symbols, making passwords harder to crack.
Limitations on Password Re-use: Defines rules to prevent users from re-using old passwords, ensuring that new passwords are always fresh and more secure.
Seamless Migration: Implementing these advanced security features does not require modifications to existing business applications, making migration to AgensSQL smooth and hassle-free

By integrating these characteristics, AgensSQL's password profiling feature significantly strengthens the security posture of PostgreSQL databases, ensuring robust access control without compromising ease of use or requiring changes to existing applications.

Database Audit: Keeping an Eye on Data Operations

One of the important security features in AgensSQL is database audit capability. This traces and audits all the operations executed in the database to ensure that any sign of a security breach, unauthorized database access, or anything suspicious is not overlooked. The feature of being able to record details about the operations performed within the database gives AgensSQL an even better compliance and forensic analytical kind of security level. An audit log provides detailed records of all activities in a system. It comprises terminal ID and user ID to identify the source of system access, access time information, accessed network, access details, targeted files, applied changes, utility usage, security events, and system notifications. AgensSQL, built on PostgreSQL, utilizes the PostgreSQL Audit Extension, pgaudit, to provide detailed session and/or object audit logging. While PostgreSQL's standard logging feature, 'log_statement = all,' is suitable for monitoring and other purposes, it doesn't offer the level of detail necessary for auditing. Hence, pgaudit provides PostgreSQL users with the capability to generate audit logs often required for compliance with government, financial, or ISO certifications:

1) Compliance

For organizations within industries governed by compliance frameworks (PHI DDS / HIPAA, etc.), audit logs are a must. Audit logs are used as an official business record and are essential for inspecting and approving IT systems. They are essential because they allow for clear accountability in the event of a problem.

2) Increase security

Audit logs provide a detailed record of all activity within your system, providing security evidence of data security breaches outside of standard activity or external threats attempting to gain unauthorized access. This can help you find potential security vulnerabilities, identify and remediate data misuse, and respond quickly to emergency security events.

3) Gain insights

Audit logs provide a guide to understanding how users interact with your system. Tracking user activity gives you insight into performance, productivity, and efficiency, while also allowing you to more quickly identify and resolve issues that might otherwise spiral out of control.

4) Risk management

A clear audit trail provides evidence of what security measures your organization takes to ensure data protection. When used as a risk management framework, audit logs help demonstrate that a particular business is a low-risk opportunity.

Details of AgensSQL's Auditing Features

1) Audit log format

The AgensSQL auditing feature logs events. The log format is provided in comma-separated values (CSV) for easy analysis.

2) Audit Events

AgensSQL auditing can audit a variety of events. For example, you can audit the You can log database operations such as SELECT, INSERT, UPDATE, and DELETE. You can also view the database, such as accesses by specific users, access failures, database object creation, and more. You can also log administrative tasks.

3) Log file location

AgensSQL auditing is stored in the log directory of AgensSQL by default. The log location is This can be changed with the log_directory setting.

4) Filtering the AgensSQL Audit feature

If necessary, you can filter to record only certain events. For example, you might want to record events from a specific table or You can set filters, such as users, to reduce log size.

5) Analyze logs

AgensSQL auditing can help you identify database usage patterns, security issues, errors, and errors when logs are properly analyzed. and more. Database audit logs are available in the Database Security Auditing and It plays an important role in compliance.

Audit Settings Description


Considerations and cautions for use

There are some considerations and caveats to keep in mind when using the auditing features of AgensSQL:

  1. Depending on your settings, you can generate a large amount of logging, so be sure to determine exactly what you need audit logging for and set it up appropriately.
  2. Because logs are typically stored with the operating system, they can quickly consume disk space, so it's important to make sure you have enough disk space and clean up your logs regularly.
  3. If you cannot limit audit logging to specific tables, you should evaluate the performance impact during testing and allocate enough space on the log volume. Even if the performance impact of audit logging is not high, you should consider the impact on latency
  4. To limit the number of relationship audits that are recorded for SELECT and DML statements, you can use object audit logging. This can reduce the overall log volume and avoid the hassle of explicitly adding logging settings every time a new relationship is added.
  5. When an object is renamed, the object name is recorded with the renamed name.
  6. Commands can be recorded more than once, so it's important to keep this in mind.
  7. Autovacuum and Autoanalyze are not logged.
  8. Because you can't reliably audit superusers, we recommend restricting access to superuser accounts and escalating permissions using the set_user extension if necessary.

Why AgensSQL Stands Out

AgensSQL is not an average product of a relational database; rather, focused exactly like a laser beam in terms of data security for yet another version of PostgreSQL. From the performance of database audit, password profiling, and data masking, AgensSQL makes sure that businesses that use PostgreSQL don't have to compromise on security. It is made up of many features built on top of the robust base that PostgreSQL has laid down and allows organizations a solution to management that is secure, powerful, flexible.

This comes at a time when data breaches are so costly and damaging; AgensSQL brings peace of mind by harnessing advanced security features that blend in with the rest of the established, widely adopted PostgreSQL ecosystem. Whether customer data, financial records, or any other confidential business information, AgensSQL ensures a strong relational database that does not get lost into the shuffle.

The information you provide will be used in accordance with our Privacy Policy .