One of the most common questions from new PostgreSQL users is “how do I connect to the database server?” The nuances of pg_hba.conf and how to correctly enable your Python web app to connect to your db server without opening up connections to all users and all servers is not simple for someone new to Postgres. And architecting a secure multi-tenant SaaS system requires knowledge of how roles, schemas, databases, and search paths interact. That’s one reason we wrote a Security Whitepaper a while back.
But, after seeing thousands of MongoDB instances taken hostage by ransomware the “no authorization required” default for MongoDB is looking like a very dumb idea. Just imagine what executives whose developers picked MongoDB are saying today:
“You mean we store our client list in a database without security?
“Anyone can just delete our NoSQL database from the internet?”
“Were we hacked last year when you said we lost data in MongoDB?”
So, a quick “Thank You” to PostgreSQL for making sure that your data is Secure By Default.