Postgres Conference

#content { display: none; } JavaScript is not enabled OSEM requires JavaScript to be enabled to function. Please turn on JavaScript in your browser's settings and reload the page to continue.

Presented by:

Bennie Swart

Quant Engineering Solutions

No video of the event yet, sorry!

Download the Slides

In this talk we examine the use cases of Row Level Security (RLS) which was introduced in PostgreSQL 9.5.

In traditional applications, it is very common to find a lot of access control code residing inside the application layer, where the application connects to the database with a single database user, but multiplexing multiple application users. The database user typically has more rights than the application user, and the application is responsible for restricting the rights of the application user. This approach requires developers to constantly add access control logic for new features, and even experienced developers make mistakes which could lead to security vulnerabilities.

Using RLS, the majority (if not all) of the access control logic can be moved from the application layer to the database layer, such that authentication and access control are both done in the database. This means that you could essentially grant users freeform SQL access, since the database takes care of access control. This is especially useful in multi-tenant databases. Developers are now free to focus on the business logic, without having to maintain large chunks of access control code.

We look at an example of how this RLS approach can be practically implemented, and compare it to a traditional implementation. We also consider the performance impact of RLS along with the security and development benefits.

Date:: 2019 March 21 11:00 EDT
Duration:: 50 min
Room:: Grammercy
Conference:: Postgres Conference
Language:
Track:: Use Cases
Difficulty:: Medium

Code of Conduct

Code of Conduct

Introduction

Postgres Conference (PostgresConf) prides itself on the quality of our community and our work, and the technical and professional accomplishments of our community. We expect everyone who participates to conduct themselves in a professional manner, acting with common courtesy and in the common interest, with respect for all of our community.

It is the expectation that PostgresConf community members will adhere to the PostgresConf Code of Conduct (CoC).

Inclusivity and Appropriate Conduct

PostgresConf is open to participation by anyone with an interest in working with Postgres and related technologies, regardless of their level of experience with the software, or with technology in general. We encourage contributions from all individuals, whatever their background may be.

Personal attacks and negative comments on personal characteristics are unacceptable, and will not be permitted. Examples of personal characteristics include, but are not limited to age, race, national origin or ancestry, religion, political affiliation, gender, or sexual orientation.

Additional behaviors which are also violations of this CoC include, but are not limited to, threats of violence against an individual or group, threats of professional, community, and/or project sabotage, unwelcome sexual attention in any form, engaging in behavior that may bring PostgresConf into disrepute, and refusing to cease inappropriate conduct when requested to do so.

Retaliation

It is also expressly forbidden for anyone to retaliate against a person who brings a complaint under this CoC, or who assists in investigating such a complaint. Retaliation may take the form of, among other actions: further personal attacks (public or private); actions which undermine an individual's professional status and/or status with their employer, coworkers, clients, or community; actions which threaten the individual's privacy, physical person, well-being, home, and/or family. Acts of retaliation will be treated in the same manner as any other violation of this CoC.

Reporting

PostgresConf believes that only objective parties can properly handle Code of Conduct issues. Therefore we contract with Lighthouse an independent and objective party to handle all reports.

There are three ways to submit a report 24 hours a day:

Website: https://www.lighthouse-services.com/postgresconf
Toll-Free Telephone:
English speaking USA and Canada: 833-490-0007
Spanish speaking USA and Canada: 800-216-1288
E-mail: reports@lighthouse-services.com (include PG Central Foundation within the report)

Acting in Good Faith

Any allegations that prove not to be substantiated, and which prove to have been made maliciously or knowingly to be false, will be viewed as a serious community offense and a violation of this CoC.

Conclusion

We encourage appropriate and collegial relationships among community members; however, members must be sensitive to conduct that may be considered offensive by fellow members and must refrain from engaging in such conduct.

In all interactions with the community, use your professional judgment, and keep the discussion focused on moving our project and our community forward in a positive direction for all.

Presentation Guidelines

Presentation Guidelines

Why Guidelines

The Postgres Conference is a non-profit, community driven conference series delivering the largest education and advocacy platform for Postgres. In an effort to create a productive and profitable environment for our community we must set a bar of expectation for content and we set the bar high.

The community is comprised of users, developers, core-contributors, sponsors, advocates, and external communities. We work hard to create a professional, valuable, and highly educational environment that produces a net result of, “Wow, that conference was very well done. It had great content with knowledgeable professionals, educators and advocates!”

Types of Presentations We Accept

Any presentation that has a tie-in to Postgres will be considered for acceptance into one of our event programs. This includes, but is not limited to, presentations on Open Source Projects, Postgres forks, extensions, new APIs, and languages. As a conference that makes it a goal to incorporate the entire community we also consider business cases, product talks, and service presentations. Presentations that are not related to the success of Postgres will not be considered.

Laptop connections supported

The Postgres Conference will provide a HDMI connection. If you do not have a HDMI port, it is the speaker’s responsibility to provide an adapter.

What about X technology?

When considering whether to submit a topic or not, ask yourself, “Is this presentation in some way related to the success of Postgres?” If it is, then it will be considered. This includes limitations of our great database. It also includes forks of Postgres both closed and Open Source. These types projects and products ultimately contribute to the success of Postgres.

How do presentations on forks or closed source versions help the success of Postgres?

Postgres is BSD style licensed. The BSD license is a true freedom license. The only license that maintains a higher level of freedom for Open Source development is the anti-license: Public Domain. That means the community embraces all forms of use for Postgres as long as it abides by the license.

A presentation on RDS Postgres, Google Cloud Postgres or Greenplum increases overall success via visibility, lowers the barrier of entry for new Postgres users, and supports our commercial community with hard earned efforts to create Postgres products.

Shouldn’t the community be promoting Open Source solutions over proprietary closed source solutions?

Yes, the end goal is that the deployed Postgres is the Open Source Postgres and preference will always be given to Open Source Postgres presentations. However, we offer presentation opportunities to our sponsors that may or may not advocate Open Source Postgres. Sponsors are welcome to present on any topic as long as it follows the guideline of: Does it promote the success of Postgres?

Types of Presentations

PostgresConf offers several presentation opportunities:

Presentation: 20 minutes
Breakout Sessions: 50 minutes
Keynotes: 10 and 20 minutes
Half and Full Day trainings (NOTE: Paid registrants receive priority seating, and trainings are restricted according to badge level)

Cancellation Policy

This tool is free software, released under the MIT license. You can run, copy, distribute, study, change and improve it. The source code and the developers are on github.