security-doc/security-guide/source/databases/database-backend-considerations.rst

Database back end considerations

PostgreSQL has a number of desirable security features such as Kerberos authentication, object-level security, and encryption support. The PostgreSQL community has done well to provide solid guidance, documentation, and tooling to promote positive security practices.

MySQL has a large community, widespread adoption, and provides high availability options. MySQL also has the ability to provide enhanced client authentication by way of plug-in authentication mechanisms. Forked distributions in the MySQL community provide many options for consideration. It is important to choose a specific implementation of MySQL based on a thorough evaluation of the security posture and the level of support provided for the given distribution.

Security references for database back ends

Those deploying MySQL or PostgreSQL are advised to refer to existing security guidance. Some references are listed below:

MySQL:

• OWASP MySQL Hardening
• MySQL Pluggable Authentication
• Security in MySQL

PostgreSQL:

• OWASP PostgreSQL Hardening
• Total security in a PostgreSQL database