On Mon, 31 Aug 2020 at 6:58, Yogesh Sharma <yogeshraj95@xxxxxxxxx> wrote:
Dear All, Thanks for your support. We faced the below issue and all our DB backup data has been lost. It seems a hacker deleted all the tables in the DB and created a single table called "warning". When I try to select from this table, it shows an error (relation "warning" does not exist). The hacker created one more database, "please_read_me_xmg", with a single 'warning' table. Could you please let us know how we can secure the Postgres DB from hackers? Although we have specified only one IP in the pg_hba.conf file instead of all.
pg_hba.conf is not enough protection against SQL injection. Probably your application is vulnerable to SQL injection.
The basic security mechanism is using more roles: one role as the table and database owner, and a second role (or roles) for applications. In this case the attacker cannot change the schema if he compromises some application roles. You can use other mechanisms too, like RLS (row level security), ...
Regards
Pavel
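
The owner/application role split described in the reply above, as an added example that is not part of the original message. The database, schema, role and table names (`appdb`, `app`, `app_owner`, `app_rw`, `orders`) are assumptions, the password is a placeholder, and the script is meant to be run in psql as a superuser.

```sql
-- Owner role: owns the schema objects and is never used by the application.
CREATE ROLE app_owner NOLOGIN;
-- Application role: the only role whose credentials the application holds.
CREATE ROLE app_rw LOGIN PASSWORD 'CHANGE_ME';   -- placeholder, set a real secret

CREATE DATABASE appdb OWNER app_owner;
\connect appdb

-- Remove the default grants that every role inherits through PUBLIC.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO app_rw;

-- Dedicated schema owned by the owner role; the application may only use it.
CREATE SCHEMA app AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA app TO app_rw;

-- Create objects as the owner so that ownership does not fall to the superuser.
SET ROLE app_owner;

CREATE TABLE app.orders (
    id     bigint  PRIMARY KEY,
    tenant text    NOT NULL DEFAULT current_user,
    amount numeric NOT NULL
);

-- Data access only. TRUNCATE is not granted, and DROP/ALTER need ownership,
-- so a session running as app_rw cannot change or remove the schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON app.orders TO app_rw;

-- Row level security: app_rw reads and writes only rows tagged with its name.
ALTER TABLE app.orders ENABLE ROW LEVEL SECURITY;
CREATE POLICY orders_by_tenant ON app.orders
    TO app_rw
    USING (tenant = current_user)
    WITH CHECK (tenant = current_user);

RESET ROLE;

-- Audit: list every privilege the application role holds in the schema.
SELECT table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'app_rw' AND table_schema = 'app'
ORDER BY table_name, privilege_type;
```

Tables created later by `app_owner` need their own `GRANT`, or an `ALTER DEFAULT PRIVILEGES` rule for that role. The table owner bypasses the policy unless `ALTER TABLE ... FORCE ROW LEVEL SECURITY` is also set.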