A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://postgresql-anonymizer.readthedocs.io/en/stable/configure/ below:

Website Navigation


Configure - PostgreSQL Anonymizer

Configuration

The extension has currently a few options that be defined for the entire instance ( inside postgresql.conf or with ALTER SYSTEM).

It is also possible and often a good idea to define them at the database level like this:

ALTER DATABASE customers SET anon.restrict_to_trusted_schemas = on;

Only superuser can change the parameters below :

anon.algorithm Type Text Default value 'sha256' Visible only to superusers

This is the hashing method used by pseudonymizing functions. Checkout the pgcrypto documentation for the list of available options.

See anon.salt to learn why this parameter is a very sensitive information.

anon.maskschema Type Text Default value 'mask' Visible to all users

The schema (i.e. 'namespace') where the dynamic masking views will be stored.

anon.restrict_to_trusted_schemas Type Boolean Default value off Visible to all users

By enabling this parameter, masking rules must be defined using functions located in a limited list of namespaces. By default, only the anon schema is trusted.

This improves security by preventing users from declaring their custom masking filters. This also means that the schema must be explicit inside the masking rules.

For more details, check out the Write your own masks section of the Masking functions chapter.

anon.salt Type Text Default value (empty) Visible only to superusers

This is the salt used by pseudonymizing functions. It is very important to define a custom salt for each database like this:

ALTER DATABASE foo SET anon.salt = 'This_Is_A_Very_Secret_Salt';

If a masked user can read the salt, he/she can run a brute force attack to retrieve the original data based on the 3 elements:

The GDPR considered that the salt and the name of the hashing algorithm should be protected with the same level of security that the data itself. This is why you should store the salt directly within the database with ALTER DATABASE.

anon.sourceschema Type Text Default value 'public' Visible to all users

The schema (i.e. 'namespace') where the tables are masked by the dynamic masking engine.

Change this value before starting dynamic masking.

ALTER DATABASE foo SET anon.sourceschema TO 'my_app';

Then reconnect so that the change takes effect and start the engine.

SELECT start_dynamic_masking();

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4