Database

This section describes how to secure information stored in Posit Workbench’s internal database.

Hardening SQLite

If you are using SQLite, set the permissions such that users cannot access the database. For example, run the command: chmod 600 /var/lib/rstudio-server/rstudio.sqlite or wherever the SQLite database is stored.

Hardening PostgreSQL

Database Configuration File Permissions

The database configuration may contain sensitive data. Set the permissions such that users cannot access the database configuration file. For example, run the commands: chmod 600 /etc/rstudio/database.conf and chown root:root /etc/rstudio/database.conf
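
The script below is an added example, not part of the Posit documentation. It verifies the permissions recommended above for the SQLite database and for database.conf. The function name check_private is hypothetical; it reads mode and ownership from POSIX ls -ld output.

```shell
#!/bin/sh
# Added example (not Posit's code): confirm a Workbench database file is
# readable by its owner only, as chmod 600 / chown root:root would leave it.
#
# check_private FILE [OWNER:GROUP]
#   returns 0 when FILE is a regular file with no group/other permission
#   bits and, if OWNER:GROUP is given, exactly that ownership.
check_private() {
    f=$1
    want_owner=${2:-}
    # A symlink's own mode bits say nothing about the target file.
    if [ -L "$f" ]; then
        echo "FAIL $f: is a symlink; audit the target instead" >&2
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file" >&2
        return 1
    fi
    # ls -ld prints e.g. "-rw------- 1 root root ..."; fields 1, 3 and 4
    # come before the file name, so spaces in the name do not matter.
    perms=$(ls -ld -- "$f" | awk '{print $1}')
    owner=$(ls -ld -- "$f" | awk '{print $3 ":" $4}')
    # Characters 5-10 are the group and other permission triplets.
    group_other=$(printf '%s' "$perms" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FAIL $f: mode $perms grants group/other access" >&2
        return 1
    fi
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "FAIL $f: owned by $owner, expected $want_owner" >&2
        return 1
    fi
    echo "OK   $f ($perms $owner)"
}

# Usage: sh check_private.sh /etc/rstudio/database.conf root:root
if [ "$#" -gt 0 ]; then
    check_private "$@"
fi
```

Run it as root against /etc/rstudio/database.conf with root:root, and against the SQLite file without an owner argument, adjusting the path to wherever your database is stored.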

Encrypt Database Communication

Because the database contains sensitive information, it is strongly recommended that you configure PostgreSQL to accept SSL (TLS) encrypted connections. See the PostgreSQL Secure TCP/IP Connections documentation.

SSL Certificate Authentication

When using PostgreSQL as a database provider, ensure that you’re using an SSL certificate to authenticate the PostgreSQL user, rather than storing an unencrypted password in database.conf. See the PostgreSQL SSL Certificate Authentication documentation.