PostgreSQL Connection String
Service Name: PostgreSQL
Service Description: PostgreSQL is an advanced, enterprise-class, and open-source relational database system. It supports both SQL (relational) and JSON (non-relational) querying and is known for its proven architecture, reliability, data integrity, robust feature set, and extensibility.
Service Address: https://www.postgresql.org/
Validation Type: API Auth
IP Allow list: IP restrictions can be configured in the PostgreSQL configuration file (pg_hba.conf) to limit connections based on IP addresses or ranges.
Secret Access Scope: Grants direct access to a PostgreSQL database, including the ability to read, write, modify, and potentially delete data depending on the user's permissions.
Secret Revokement URL: Does not exist (managed through database administration)
Secret Example: postgresql://username:password@hostname:5432/database
Suspicious Activity Investigation Instructions:
- Review database logs for unusual query patterns or access times
- Check for unexpected high-volume data transfers or unusual query types
- Monitor for unauthorized schema changes or table modifications
- Look for login attempts from unusual IP addresses or locations
- Examine user permission changes or role assignments
Mitigation Instructions:
- Change the password for the affected database user immediately
- Revoke and rotate any compromised credentials using:
ALTER USER username WITH PASSWORD 'new_password'; - Review and restrict database user permissions to follow the principle of least privilege
- Update connection strings in all applications using the affected credentials
- Enable connection encryption (SSL/TLS) if not already in use
- Implement IP-based access restrictions in pg_hba.conf
- Consider implementing connection pooling to better manage and monitor database connections
- Enable more detailed logging to track future access attempts