feat(wbs): WBS-10.9 보안 강화 완료 및 appsettings.json 평문 패스워드 제거, postgresql 가이드 문서 수립
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 8s
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 6s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Successful in 1m15s
Snapshot Admin Deployment / build-and-deploy (push) Failing after 53s
Quant Engine CI/CD Pipeline / validate-core (push) Failing after 8s
WBS-9.3 - NULL Policy CI Gate / NULL Policy Validation (push) Failing after 6s
Quant Engine CI/CD Pipeline / validate-ui-and-storage (push) Has been skipped
Deploy to Production / Build & Deploy to Production (push) Successful in 1m15s
Snapshot Admin Deployment / build-and-deploy (push) Failing after 53s
This commit is contained in:
@@ -0,0 +1,70 @@
|
||||
# PostgreSQL Security Guide for QuantEngine
|
||||
|
||||
This document outlines the security configuration, role definitions, and access control policies for the `quantengine` schema in the PostgreSQL database.
|
||||
|
||||
---
|
||||
|
||||
## 1. Schema Isolation
|
||||
|
||||
The Quant Investment Engine operates strictly within the `quantengine` schema to prevent namespace pollution and protect system catalog tables.
|
||||
|
||||
* **Schema**: `quantengine`
|
||||
* **Default Database**: `giteadb`
|
||||
|
||||
---
|
||||
|
||||
## 2. Role Definitions & Privileges
|
||||
|
||||
To ensure the principle of least privilege, we define three main database roles:
|
||||
|
||||
### A. Schema Owner (`quantengine_owner`)
|
||||
* **Purpose**: Full access to schema objects, responsible for executing DDL (migrations, table creation).
|
||||
* **Permissions**:
|
||||
```sql
|
||||
CREATE ROLE quantengine_owner WITH LOGIN PASSWORD 'OwnerPasswordSecure';
|
||||
GRANT ALL PRIVILEGES ON DATABASE giteadb TO quantengine_owner;
|
||||
GRANT ALL PRIVILEGES ON SCHEMA quantengine TO quantengine_owner;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA quantengine GRANT ALL ON TABLES TO quantengine_owner;
|
||||
```
|
||||
|
||||
### B. Read-Write Application Role (`quantengine_app`)
|
||||
* **Purpose**: Used by the live .NET application to insert daily data feeds, update portfolio states, and insert qualitative sell strategy results.
|
||||
* **Permissions**:
|
||||
```sql
|
||||
CREATE ROLE quantengine_app WITH LOGIN PASSWORD 'AppPasswordSecure';
|
||||
GRANT CONNECT ON DATABASE giteadb TO quantengine_app;
|
||||
GRANT USAGE ON SCHEMA quantengine TO quantengine_app;
|
||||
|
||||
-- Grant CRUD permissions on tables & sequences
|
||||
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA quantengine TO quantengine_app;
|
||||
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA quantengine TO quantengine_app;
|
||||
|
||||
-- Restrict DDL operations
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA quantengine GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO quantengine_app;
|
||||
```
|
||||
|
||||
### C. Read-Only Analytical Role (`quantengine_readonly`)
|
||||
* **Purpose**: Used by external reporting tools, dashboards, or manual audit scripts.
|
||||
* **Permissions**:
|
||||
```sql
|
||||
CREATE ROLE quantengine_readonly WITH LOGIN PASSWORD 'ReadonlyPasswordSecure';
|
||||
GRANT CONNECT ON DATABASE giteadb TO quantengine_readonly;
|
||||
GRANT USAGE ON SCHEMA quantengine TO quantengine_readonly;
|
||||
|
||||
GRANT SELECT ON ALL TABLES IN SCHEMA quantengine TO quantengine_readonly;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA quantengine GRANT SELECT ON TABLES TO quantengine_readonly;
|
||||
```
|
||||
|
||||
---
|
||||
|
||||
## 3. Configuration Best Practices
|
||||
|
||||
1. **Connection String Hygiene**:
|
||||
* Never store connection strings with plaintext passwords in version control.
|
||||
* `appsettings.json` must only contain placeholder configurations.
|
||||
* Inject the connection string at runtime using environment variables:
|
||||
`ConnectionStrings__DefaultConnection="Host=127.0.0.1;Database=giteadb;Username=quantengine_app;Password=YourSecurePassword;Search Path=quantengine;"`
|
||||
|
||||
2. **Network Security**:
|
||||
* Bind PostgreSQL only to local interfaces (`127.0.0.1`) or secure private network interfaces.
|
||||
* Restrict access in `pg_hba.conf` to allow connections only from the Gitea runner or application host.
|
||||
Reference in New Issue
Block a user