So, we have 20 minutes on security. [unintelligible] of security experts that guard the code. We don't actually publicize that very often, but you may know about the existence of security@postgresql.org. If you write an email to that address, it gets responded to by a team of people that are as yet unnamed in any forum. But the most important thing to understand is that Postgres is secure because there are people protecting it, okay? And in some cases you'll see companies saying "we provide security for Postgres". Well, actually it's this team that does the majority of that work, okay? So all of the assignments of CVE numbers, discussions about disclosure and suchlike come from this team.

So what I'd like to talk to you about is the new features in Postgres 10. Many of you will know that we've had a number of different password facilities within Postgres for a number of years. Plain text password obviously is not particularly useful, so we've actually had MD5 password protections. What we now know is that the MD5 algorithms are not particularly useful, and what we need is something much better than a simple 128-bit hashing. So what we're moving to is SHA-2 256-bit encryption, as used by Bitcoin, which you would think would be enough, but there is a SHA 512-bit as well that we could have chosen. Now the problem with that is it's extremely slow, so one of the things that we've chosen in this release is just to implement the 256-bit version.

Now that isn't the only thing that we've done, and in fact that's not really the most important thing, because what we've done is we've looked at the threat model that we're trying to protect against and thought about the fact that storing passwords on the client is difficult, storing on the server even is difficult if somebody
manages to get access to the server, and worse than that, intercepting things in the middle of your conversation is also a problem, and the fourth thing that's a problem is actually recording the responses between the server and the client and replaying them at a later date in order to gain access to the server. So there's actually four different main problems that we would like to protect ourselves against, and that's lucky, because there's a protocol called SCRAM that allows us to protect against all four of those problems. It's an IETF RFC. It stands for Salted Challenge Response Authentication Mechanism, and what it actually does is involve more than one challenge and response message passing between the client and the server.

Now I'll come back to that in a sec, but the SCRAM protocol is actually implemented using an underlying protocol called SASL, and what this does is allow us to future-proof the protocol choices that we're making by producing an abstract layer by which we can interact with the server. So what we've actually implemented in this release is SCRAM on top of the SASL protocol. What does that mean? What that means is that we'll have the same security as a number of other vendors, but also we'll have future-proof security in the sense that if we invent future protocols we will be able to implement them really quickly. So what we're talking about is we'll be moving to a situation where almost every release we will be able to keep up with authentication technology, to the point that we'll be able to stay abreast of the latest security enhancements from the industry. Now we've done that in a number of other areas where we've been the first people to implement database consistency models or the first people to implement new indexing technology, and this actually is a very important new feature for security. Now obviously what I'm talking about here is actually even more
important in the context of services moving into the cloud, because now we're actually looking at a world where the security is stronger when using Postgres in the cloud, which is a very good thing.

So what we've implemented in this particular release is not actually directly pluggable by extensions, but it will be extendable within the code for future releases. So in Postgres 10 we've implemented SCRAM-SHA-256, and there's a quick example of how to store that for a particular role. Now the implementation is backwards compatible, so if you upgrade to 10 it's not going to get in your way, but what you do have is the ability to use this new feature if you choose. So there's some settings in the pg_hba.conf that'll allow you to take advantage of these new settings, and what we're able to do is the rolpassword column in the pg_authid catalog table can now store within it verifiers that meet the SCRAM standard. So we'll be able to store MD5 passwords as well as SCRAM passwords in the server.

Now when I say store the password, the approved term now is verifier, because the way that SCRAM works is if somebody gets hold of your database, for example a backup or a dump, they may have the verifier information, but because of the way that SCRAM works that will not be enough for them to directly crack the passwords used. So built into the SCRAM system is this concept of multiple iterations that allows us to make it computationally intensive to actually crack passwords, and as a result it will be much less feasible for people that don't possess very large cracking arrays to actually get inside the database itself. So a very important implementation. At the same time we've also made it possible to produce dumps that don't contain the password or verifier information, and that works with a number of implementations that have got sort of high security features added, for example RDS. Other changes
in this release: row level security has been substantially improved to make the planning work very efficiently in all cases, and that's actually a very advanced implementation. So row level security will still work even when you're doing quite complex joins in your SQL. So as a result I can say that with these changes row level security is completely full strength and ready for very, very wide use within your organisations. So whether you're looking at sort of military grade security, medical privacy or perhaps some form of multi-tenant access, will all be possible with these new facilities.

We've also made quite a lot of steps forward removing requirements for superuser from within Postgres, and the last part of that was committed this afternoon in a patch called monitoring roles. And for the first time we've actually got some default no-login roles that will allow us to make it easier to grant access to various kinds of monitoring systems. So these are standard default roles that will be available in all Postgres implementations, and that should make it easier to use, or at least easier than it was before. So some quite important changes. So the balance of features in this release is a good balance between advanced techie features and also usability features that have been causing people problems or minor annoyances over the time.

So one last point is logical replication. That's looking to get some kind of security model associated with it as well. One of the things that we'd like to do is make it very easy to use from a security perspective, so we're hoping that that will be something that we can change in this release.

So thank you very much, that was my 20 minute overview of security features in Postgres 10. Does anybody have any questions about these features that I can attempt to answer for you? Okay, it's getting towards that time of day, isn't it, where it's like "yeah, okay, yeah, get off now". So okay,
well, thank you very much for listening. I hope you enjoy the conference. I'd specifically like to thank the organisers for organising a great event, one of our largest to date, so please at least say thank you very much to the organisers.
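
Added example, not part of the talk and not PostgreSQL's own code: a sketch of how a SCRAM-SHA-256 verifier of the kind stored in pg_authid is derived (RFC 5802 key derivation), and how a server holding only that verifier checks a client proof bound to one exchange. The function names, sample password, salt and message strings are constructed for illustration, and SASLprep normalisation is skipped on the assumption of an ASCII password.

```python
import base64
import hashlib
import hmac
import os

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _keys(password: str, salt: bytes, iterations: int):
    # SaltedPassword = Hi(password, salt, i), i.e. PBKDF2-HMAC-SHA-256 (RFC 5802).
    # Assumption: ASCII password, so the SASLprep step is skipped.
    salted = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return client_key, hashlib.sha256(client_key).digest(), _hmac(salted, b"Server Key")

def build_verifier(password: str, salt: bytes = None, iterations: int = 4096) -> str:
    """What the server stores: iteration count, salt, StoredKey, ServerKey."""
    salt = salt if salt is not None else os.urandom(16)
    _, stored_key, server_key = _keys(password, salt, iterations)
    b64 = lambda raw: base64.b64encode(raw).decode()
    return f"SCRAM-SHA-256${iterations}:{b64(salt)}${b64(stored_key)}:{b64(server_key)}"

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage)."""
    client_key, stored_key, _ = _keys(password, salt, iterations)
    signature = _hmac(stored_key, auth_message)
    return bytes(a ^ b for a, b in zip(client_key, signature))

def server_accepts(verifier: str, auth_message: bytes, proof: bytes) -> bool:
    """Server side: needs only the stored verifier, never the password."""
    _, _, keys = verifier.split("$")
    stored_key = base64.b64decode(keys.split(":")[0])
    signature = _hmac(stored_key, auth_message)
    recovered = bytes(a ^ b for a, b in zip(proof, signature))
    # The proof is valid only if it unmasks a ClientKey that hashes to StoredKey.
    return hmac.compare_digest(hashlib.sha256(recovered).digest(), stored_key)

if __name__ == "__main__":
    salt = bytes(range(16))                      # constructed sample salt
    verifier = build_verifier("pencil", salt)    # constructed sample password
    msg = b"n=alice,r=cnonce1,r=cnonce1snonce1,c=biws"  # constructed, nonce-bound
    print(verifier)
    print(server_accepts(verifier, msg, client_proof("pencil", salt, 4096, msg)))
```

Because the AuthMessage contains fresh nonces from both sides, a proof captured from one exchange does not verify in another, and the iteration count sets the cost of each guess for someone holding a stolen verifier.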