Securing Your Self-Hosted Database

Posted4 months agoActive4 months ago

_p2zi

3 points

1 comments

hwisnu.bearblog.devTechstory

heatednegative

Debate

60/100

Database SecuritySelf-HostingNetwork Configuration

Key topics

Database Security

Self-Hosting

Network Configuration

The article discusses securing self-hosted databases, but the discussion criticizes the advice as inadequate.

Snapshot generated from the HN discussion

Discussion Activity

Light discussion

First comment

12m

Peak period

0-1h

Avg / period

Key moments

01Story posted
Sep 5, 2025 at 9:48 AM EDT
4 months ago
Step 01
02First comment
Sep 5, 2025 at 10:00 AM EDT
12m after posting
Step 02
03Peak activity
1 comments in 0-1h
Hottest window of the conversation
Step 03
04Latest activity
Sep 5, 2025 at 10:00 AM EDT
4 months ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (1 comments)

Showing 1 comments

Bender

4 months ago

This is not great advice. Yes every database should have a strong password but exposing the database port to the internet and relying on fail2ban is wrong and a futile game of whack-a-mole.

If the applications accessing the database are only on the same node, disable the network listener and use a named pipe for database communication if the applications support it. If the nodes accessing the database are not on the same node then set up firewall rules to only allow those nodes. If the remote nodes have dynamic IP addresses then use a VPN such as Wireguard to permit access. Exposing a database to the open internet is a losing game. VPN's and static IP addresses can and should be managed automatically through configuration management tools.

View full discussion on Hacker News

ID: 45138551Type: storyLast synced: 11/17/2025, 10:13:44 PM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN