Most people use a VPN of some sort when connecting to remote databases
Our DB servers don’t have any ports listening on the internet, not even SSH.
TLS can be enforced for DB connections (both pg and mssql support this), but that’s still prone to credential stuffing and the client machine isn’t usually authenticated. Lots of regulations generally require some extra security layer protecting connections to the DB.
Our DB servers don’t have any ports listening on the internet, not even SSH.
TLS can be enforced for DB connections (both pg and mssql support this), but that’s still prone to credential stuffing and the client machine isn’t usually authenticated. Lots of regulations generally require some extra security layer protecting connections to the DB.