security

Postgres and TLS Certificates

The PostgreSQL that ships with most linux distributions is setup with Snakeoil TLS certificates by default. Managing these certificates is not any different to any other service, yet for some reason this is an often neglected task that leaves your database connections exposed to certain types of attack. This post discusses the — very few — steps required to use Let’s Encrypt certificates to secure your PostgreSQL sessions as well as an easy way to monitor your servers.

Safeguarding your website visitors

This post discusses various additions in your website configuration that help protect your visitors from various forms of attack. While not really a requirement for most personal sites such as this, hopefully the discussion below will be of help to people in charge of more sensitive sites.