FreeBrowser-onlyv1.0

PostgreSQL Hardening Checker

CIS-style security audit for postgresql.conf and pg_hba.conf

Paste your PostgreSQL configuration files and get a structured security report. Covers network exposure, authentication, encryption, logging, and access control. Each finding maps to a real attack scenario with an exact config fix. Runs entirely in your browser — nothing is uploaded.

#postgresql#database#security#hardening#devsecops

Configuration files are analyzed locally in your browser. Nothing is uploaded or transmitted.

Configuration files

postgresql.confmain config

pg_hba.confaccess control

What this scanner checks

HIGH

—listen_addresses = '*'
—pg_hba.conf trust auth
—SSL disabled
—Remote superuser access
—0.0.0.0/0 open access
—Weak cipher config

MEDIUM

—MD5 password hashing
—logging_collector off
—max_connections too high
—MD5 auth in pg_hba.conf
—log_min_duration missing
—ssl_min_protocol_version missing

LOW

—shared_buffers too low
—log_statement = none
—log_connections off
—Plaintext password auth
—log_line_prefix missing
—idle_in_transaction timeout missing

Scoring

Score starts at 100. Deductions: High −10, Medium −5, Low −2. High-severity cap: 1 High → max 70, 2 High → max 50, 3+ High → max 40. Any high-severity finding triggers FAIL status regardless of total score.

80–100

PASS

50–79

PARTIAL

0–49

FAIL

What this scanner checks

Scoring

Related tools