Database
This section describes how to secure the information stored in Posit Workbench’s internal database.
Hardening SQLite
If you are using SQLite, set the permissions such that users cannot access the database. For example, run the following command, substituting the path where your SQLite database is stored:
chmod 600 /var/lib/rstudio-server/rstudio.sqlite
Hardening PostgreSQL
Database Configuration File Permissions
The database configuration may contain sensitive data. Set the permissions such that users cannot access the database configuration file. For example, run the commands:
chmod 600 /etc/rstudio/database.conf
chown root:root /etc/rstudio/database.conf
Encrypt Database Communication
Because the database contains sensitive information, it is strongly recommended that you configure PostgreSQL to accept SSL (TLS) encrypted connections. See the PostgreSQL Secure TCP/IP Connections documentation.
SSL Certificate Authentication
When using PostgreSQL as a database provider, ensure that you’re using an SSL certificate to authenticate the PostgreSQL user, rather than storing an unencrypted password in database.conf. See the PostgreSQL SSL Certification Authentication documentation.
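The file permission and ownership settings above can be verified after deployment with a small audit script. This is an added example, not part of the Posit documentation; it assumes GNU stat (Linux) and that a stored password appears as a password= key in database.conf, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions this page recommends (GNU stat, Linux).

# check_file PATH MODE [OWNER:GROUP] -> 0 compliant, 1 drift, 2 file absent
check_file() {
    cf_path=$1; cf_mode=$2; cf_owner=${3:-}; cf_rc=0
    if [ ! -e "$cf_path" ]; then
        echo "SKIP  $cf_path (not present)"
        return 2
    fi
    cf_got_mode=$(stat -L -c '%a' "$cf_path")       # octal mode, e.g. 600
    cf_got_owner=$(stat -L -c '%U:%G' "$cf_path")   # owner:group names
    if [ "$cf_got_mode" != "$cf_mode" ]; then
        echo "FAIL  $cf_path mode is $cf_got_mode, expected $cf_mode"
        cf_rc=1
    fi
    if [ -n "$cf_owner" ] && [ "$cf_got_owner" != "$cf_owner" ]; then
        echo "FAIL  $cf_path owner is $cf_got_owner, expected $cf_owner"
        cf_rc=1
    fi
    if [ "$cf_rc" -eq 0 ]; then echo "OK    $cf_path"; fi
    return "$cf_rc"
}

# Assumption: a stored password appears as a "password=" key in database.conf.
has_plaintext_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# audit_workbench_db [SQLITE_PATH] [CONF_PATH] [OWNER:GROUP]
# Defaults are the example paths from this page. An absent file is skipped,
# since a deployment uses either SQLite or PostgreSQL.
audit_workbench_db() {
    a_sqlite=${1:-/var/lib/rstudio-server/rstudio.sqlite}
    a_conf=${2:-/etc/rstudio/database.conf}
    a_owner=${3:-root:root}
    a_rc=0
    check_file "$a_sqlite" 600 || [ $? -eq 2 ] || a_rc=1
    check_file "$a_conf" 600 "$a_owner" || [ $? -eq 2 ] || a_rc=1
    if [ -f "$a_conf" ] && has_plaintext_password "$a_conf"; then
        echo "WARN  $a_conf stores a password; use SSL certificate authentication"
        a_rc=1
    fi
    return "$a_rc"
}

# Run the audit only when invoked as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_workbench_db; fi
```

Run it as root with `--run`; a non-zero exit status means at least one file has drifted from the recommended settings.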