Architecture
Deep dive into Signando Postgres's security-first architecture with 4-stage isolation.
Security Through Isolation
Signando Postgres implements a defense-in-depth strategy using four completely isolated processing stages. Each stage runs in its own process with strictly limited network access.
NATS JetStream Isolation
We use four separate NATS JetStream instances instead of one. This ensures that even if an attacker compromises one component, they cannot access data from other processing stages.
- NATS 1: Unvalidated queries from frontend
- NATS 2: Validated queries ready for execution
- NATS 3: Unvalidated database responses
- NATS 4: Validated responses for client
Zero Trust Networking
Each process can only communicate with its designated NATS instances. The Query Validator cannot talk to the database. The Backend cannot talk to clients.
- Frontend: NATS 1 (write), NATS 4 (read)
- Query Validator: NATS 1 (read), NATS 2 (write)
- Backend: NATS 2 (read), NATS 3 (write)
- Response Validator: NATS 3 (read), NATS 4 (write)
Why This Matters
Blast Radius Containment
If the Query Validator is compromised, the attacker still cannot reach the database because only the Backend process has database credentials and network access.
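The access rules listed under Zero Trust Networking and the containment claim above can be checked mechanically. The following is an added example, not Signando's own code: it encodes the page's allow-list, verifies that every NATS instance is a one-way hand-off between two different processes, and audits a constructed list of observed flows. The lowercase process and instance names, the "connect" mode and the flow record format are assumptions.

```python
# Allow-list transcribed from the "Zero Trust Networking" list on this page.
ALLOWED = {
    "frontend":           {("nats1", "write"), ("nats4", "read")},
    "query_validator":    {("nats1", "read"),  ("nats2", "write")},
    "backend":            {("nats2", "read"),  ("nats3", "write")},
    "response_validator": {("nats3", "read"),  ("nats4", "write")},
}
# From "Blast Radius Containment": only the Backend reaches the database.
DB_CLIENTS = {"backend"}

def check_matrix(allowed=ALLOWED):
    """Each NATS instance must have exactly one writer and one reader,
    and they must be different processes (a one-way hand-off)."""
    problems = []
    instances = {inst for grants in allowed.values() for inst, _ in grants}
    for inst in sorted(instances):
        writers = [p for p, g in allowed.items() if (inst, "write") in g]
        readers = [p for p, g in allowed.items() if (inst, "read") in g]
        if len(writers) != 1 or len(readers) != 1 or writers == readers:
            problems.append((inst, writers, readers))
    return problems

def audit_flows(flows, allowed=ALLOWED, db_clients=DB_CLIENTS):
    """Return the observed flows that the allow-list does not permit."""
    violations = []
    for process, target, mode in flows:
        if target == "database":
            ok = process in db_clients
        else:
            ok = (target, mode) in allowed.get(process, set())
        if not ok:
            violations.append((process, target, mode))
    return violations

def reachable_if_compromised(process, allowed=ALLOWED, db_clients=DB_CLIENTS):
    """What a compromised process can touch directly under the policy."""
    reach = {f"{inst}:{mode}" for inst, mode in allowed[process]}
    if process in db_clients:
        reach.add("database")
    return sorted(reach)

# Constructed sample of observed flows: (process, target, mode).
SAMPLE_FLOWS = [
    ("frontend", "nats1", "write"),
    ("query_validator", "nats2", "write"),
    ("query_validator", "database", "connect"),  # forbidden by the page's model
    ("backend", "nats4", "write"),               # would skip the Response Validator
    ("backend", "database", "connect"),
]
```

Running `audit_flows` over flow records exported from firewall or NATS connection logs gives a direct check that the deployed network policy still matches the documented one.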
Complete Audit Trail
Each process writes to the AuditLog independently. This creates an immutable record of every query and response, making forensic analysis possible.
Horizontal Scalability
All four processes are stateless. You can run multiple instances of each to handle higher loads or provide redundancy.