The following statement is hereby made for this document.
- The purpose of this document is to introduce Tencent Cloud's security overview of PostgreSQL products and services to customers; the contents of some products and services may be adjusted. If you have a mandatory requirement in this regard, it is recommended that you reach an agreement with Tencent Cloud through a written commercial contract (SLA). Otherwise, Tencent Cloud does not make any express or implied commitment or guarantee regarding the content of this document.
- This document covers only "part of" the technical security features among the wide range of security features.
- This document is not intended as the reference document for national or industry information security standards or requirements.
- This document has been refined for readability. In the event of any ambiguity or inaccuracy, refer to Item 1.
- Tencent Cloud reserves the right of interpretation of this document.
TencentDB for PostgreSQL has been certified by the following standards and complies with the related security requirements:
Some features of PostgreSQL are designed by referring to:
PostgreSQL complies with the requirements of National Classified Protection of Information Security (Class 3). Some of the product features meet the standards for Financial Industry Information Security (Class 4).
To improve the security of the database server system and ensure the security of various OPS activities, Tencent Cloud has implemented a series of security reinforcement measures, including but not limited to:
For Tencent Cloud database management systems and administrators, a discretionary access control scheme is implemented, including but not limited to:
Tencent Cloud provides a comprehensive security audit and risk control mechanism. Audit functions include, but are not limited to, database operation audit, management system operation audit, file operation audit, plug-in device operation audit, illegal outreach audit, IP address change audit, and service and process audit. The audit scope covers every operating system user and database user on the server, and includes important security-related events in the system, such as Tencent Cloud administrator behavior, abnormal use of system resources and use of important system commands. Audit records include the date, time, type, entity identifier, object identifier and result. Audit records are kept for more than 1 year and stored in a location with a higher level of security to avoid unexpected deletions, modifications or overwrites.
Tencent Cloud takes multi-dimensional approaches to intrusion prevention for database servers:
Tencent Cloud database provides data backup and restore by default. By default, full backups are taken in the early hours of every morning and retained for 7 days (automatic backup, optional backup duration, COS backup service and other features will be provided later); xlog files are automatically backed up for 7 days when users perform operations. Backup files can be downloaded from Instance Management -> Backup Management in the console, as shown in the following figure (full backup files are in the backup list in the red box, and the xlog files required for incremental backup are in the xlog list in the green box). To restore data from full backup files and xlog, see the document on restoring PostgreSQL data on Cloud Virtual Machine.
For returned or replaced devices, Tencent Cloud promptly clears residual information to ensure that the previous user's sensitive information, such as authentication information, files, directories and database records, is released in time or completely cleared before the devices are reassigned to other users.
Tencent Cloud's internal OPS staff are required to go through a two-factor authentication and non-repudiation scheme before logging in to the system. All the personnel involved have signed a confidentiality agreement.