Data Security Maintenance Suggestions
In order to ensure the data security in the openGauss database and avoid accidents such as data loss and illegal access to data, please read the following contents carefully.
prevent data from being lost
It is recommended that users plan periodic physical backups and store backup files reliably. In the case of a serious error in the system, the backup file can be used to restore the system to the state before the backup.
Prevent data from being illegally accessed
It is recommended to implement hierarchical authority management for database users. The database administrator establishes users and grants permissions according to business needs, ensuring reasonable access to the database by each user.
For openGauss servers and clients (or applications developed based on client libraries), it is best to deploy them in a trusted intranet. If the server and client must be deployed in an untrusted network, SSL encryption needs to be enabled before the service is started to ensure the security of data transmission on the untrusted network. It should be noted that turning on SSL encryption will reduce the performance of the database.
Avoid system logs leaking personal data
Please remove personal data before sending debug logs to others for analysis.
Note: When the log level (log_min_messages) is set to DEBUGx (x is the DEBUG level, the value range is 1~5), the information recorded in the debug log may contain the user's personal data.
Please delete personal data before sending system logs to others for analysis. Because in the default configuration, when an SQL statement is executed incorrectly, the error SQL statement will be recorded in the log, and these SQL statements may contain user personal data.
Setting the value of the log_min_error_statement parameter to PANIC can prevent the error SQL statement from being recorded in the system log. If this function is disabled, when a fault occurs, it is difficult to locate the cause of the fault.
Top comments (0)