
Ask HN: Any advice on extra database security? - aguilar
I am currently working on a DaaS API project. The company I work for has a customer who pays to query data. Because data is the company's most valuable asset, leadership is very concerned about its security. It is the first project in DaaS format; usually data is delivered within our application / UI.
We are creating a separate database with only the data set for that particular client, which will be encrypted and unlabeled. This data will be available in a unique environment with a single API for this purpose only. The API has a time limit on queries.
If any of you have had experience in a similar scenario, would you like some advice or ideas to help me?
What would be an outline of your solution for extra security in this case?
Thank you all in advance!
======
jacques_chester
If your database offers the capability to use row-level security (aka virtual
private database), that should be your first port of call. PostgreSQL, SQL
Server, Oracle DB and DB2 support this capability. I'm sure others do as well.

As for time limits, you can also look for other ways to constrain usage. I
know that Oracle, DB2 (on some platforms) and Greenplum are able to set
workload limits, so that queries can be constrained from acting as noisy
neighbours to other queries on the same data. A less specific way to achieve
this would be setting OS-level resource limits on the database processes
themselves, such as a Kubernetes request/limit setting.

But really, my best advice is to find a capable and experienced DBA for your
particular database system. It's likely that a mature database has several
ways to secure your data that you might not yet have thought of.
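
Added example, not part of the original thread: a PostgreSQL sketch of the two controls mentioned above, row-level security and a per-role query time limit. The table, role and column names (`dataset_rows`, `client_acme`, `client_other`, `client_role`) and the sample rows are constructed for illustration.

```sql
-- Run as the table owner. All object names below are hypothetical.
CREATE TABLE dataset_rows (
    id          bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    client_role name   NOT NULL,   -- database role allowed to read the row
    payload     jsonb  NOT NULL
);

-- Constructed sample data for two clients.
INSERT INTO dataset_rows (client_role, payload) VALUES
    ('client_acme',  '{"metric": 1}'),
    ('client_acme',  '{"metric": 2}'),
    ('client_other', '{"metric": 3}');

-- One login role per paying client, read-only, with a connection cap.
-- Credentials are deliberately omitted; set them out of band.
CREATE ROLE client_acme  LOGIN CONNECTION LIMIT 5;
CREATE ROLE client_other LOGIN CONNECTION LIMIT 5;
GRANT SELECT ON dataset_rows TO client_acme, client_other;

-- Once RLS is enabled, a role with no matching policy sees zero rows
-- (default deny). FORCE applies the policies to the table owner as well;
-- superusers and BYPASSRLS roles still bypass them.
ALTER TABLE dataset_rows ENABLE ROW LEVEL SECURITY;
ALTER TABLE dataset_rows FORCE  ROW LEVEL SECURITY;

-- Each role can read only the rows tagged with its own name.
CREATE POLICY client_isolation ON dataset_rows
    FOR SELECT
    USING (client_role = current_user);

-- Default time limit for sessions that log in as this role. A session can
-- change its own statement_timeout, so the API must never forward
-- caller-supplied SQL; it should run fixed, parameterised queries only.
ALTER ROLE client_acme  SET statement_timeout = '5s';
ALTER ROLE client_other SET statement_timeout = '5s';

-- Check the policy from the owner's session by switching roles.
SET ROLE client_acme;
SELECT count(*) FROM dataset_rows;   -- 2: only client_acme rows are visible
RESET ROLE;

SET ROLE client_other;
SELECT count(*) FROM dataset_rows;   -- 1
RESET ROLE;
```

Role-level settings such as `statement_timeout` take effect at login, not on `SET ROLE`, so the timeout is exercised only when the API connects as the client role itself.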

