Signando Postgres

The Application Layer Gateway that takes PostgreSQL security to the extreme. Every SQL query is validated against your defined query whitelist.

What is Signando Postgres?

Signando Postgres is an Application Layer Gateway (ALG) that sits between your applications and your PostgreSQL database. It validates every single SQL query against a predefined whitelist of allowed queries before forwarding it to your database.

But we don't stop there. Signando Postgres also validates every response from your database before sending it back to the application. This bidirectional validation ensures:

Only pre-approved SQL queries reach your database
SQL injection attacks are blocked at the protocol level
Sensitive data cannot leak through unauthorized queries
Your database access policy is enforced bidirectionally

Technical Specifications

Language	100% Rust
Latency	< 5ms per query
Protocol	PostgreSQL Wire Protocol
Architecture	4 isolated NATS instances
PostgreSQL	12, 13, 14, 15, 16, 17
Deployment	Docker / Kubernetes

The Paranoid Approach

🛡️

Query Whitelist

Unlike traditional database firewalls that try to block known SQL injection patterns, Signando Postgres only allows queries that are explicitly whitelisted. Everything else is rejected.

🔒

4-Stage Isolation

Four separate NATS JetStream instances ensure that data from different processing stages cannot leak between components, even if one is compromised.

↔️

Bidirectional Validation

Both queries and responses are validated. This prevents data exfiltration and ensures your database never returns unauthorized data to applications.

The 4 Processes in Detail

Each process is isolated and communicates exclusively through defined channels.

1. Frontend

The only process with direct client contact. Receives PostgreSQL wire protocol connections and forwards queries for validation.

Input

PostgreSQL connections on Port 5432
Supports: Simple Query, Extended Query Protocol
TLS/SSL connections supported

Output

Writes query data to NATS 1 (Dirty Queue)
Writes entries to AuditLog
Reads validated responses from NATS 4 (Clean Queue)
Sends query results to client

🔒 Security Rules

No direct connection to PostgreSQL database
Can only access NATS 1 (write) and NATS 4 (read)
Query text is not interpreted, only forwarded
Connection timeout handling
Stateless: Can be horizontally scaled

2. Query Validator

Validates incoming queries against the query whitelist. Only allowed queries are forwarded.

Input

Reads query data from NATS 1 (Dirty Queue)
Loads query whitelist configuration

Output

Writes validated queries to NATS 2 (Clean Queue)
Writes validation result to AuditLog

🔒 Security Rules

No network listener: Opens no ports, only polls NATS queue
No network connection except NATS 1 (read) and NATS 2 (write)
Strict query whitelist validation
SQL parsing and normalization
Parameter binding validation
Prepared statement support
SQL injection pattern detection as additional layer
Stateless: Can be horizontally scaled

3. Backend

Forwards validated queries to the actual PostgreSQL database and receives the results.

Input

Reads validated queries from NATS 2 (Clean Queue)

Output

Executes query on PostgreSQL on Port 5432 (configurable)
Writes database response to NATS 3 (Dirty Queue)
Writes execution details to AuditLog

🔒 Security Rules

No direct connection to client (only via NATS)
Can only access NATS 2 (read) and NATS 3 (write)
Database connection only to configured host/port
Query timeout handling
Connection pooling to database
Retry logic for transient errors
Stateless: Can be horizontally scaled

4. Response Validator

Validates database responses against the expected schema. Prevents data exfiltration and unexpected result structures.

Input

Reads database responses from NATS 3 (Dirty Queue)
Loads response schema configuration

Output

Writes validated responses to NATS 4 (Clean Queue)
Writes validation result to AuditLog
On error: Generates safe error response

🔒 Security Rules

No network listener: Opens no ports, only polls NATS queue
No network connection except NATS 3 (read) and NATS 4 (write)
Column/field validation: Only expected columns are returned
Row count limits enforcement
Data type validation
Sensitive data masking (configurable)
Stateless: Can be horizontally scaled

Data Flow Overview

┌──────────────────────────────────────────────────────────────────────────────┐
│                                                                              │
│   App ──▶ Frontend ──▶ NATS 1 ──▶ Query      ──▶ NATS 2 ──▶ Backend         │
│    │      (5432)       (Dirty)    Validator      (Clean)      │             │
│    │                                                          │             │
│    │                                                          ▼             │
│    │                                                    PostgreSQL DB       │
│    │                                                       (5432)           │
│    │                                                          │             │
│    │        ┌─────────────────────────────────────────────────┘             │
│    │        │                                                               │
│    │        ▼                                                               │
│    │      NATS 3 ──▶ Response   ──▶ NATS 4                                  │
│    │      (Dirty)    Validator      (Clean)                                 │
│    │                                   │                                    │
│    │                                   ▼                                    │
│    ◀───────────────────────────── Frontend                                  │
│                                                                              │
│   ════════════════════════════════════════════════════════════════════════  │
│   Each process also writes to the AuditLog                                  │
└──────────────────────────────────────────────────────────────────────────────┘

Ready to Protect Your Database?

Get in Touch View Features