Frequently Asked Questions
Common questions about the Signando Postgres database security gateway.
How does the query whitelist work?
You define a list of allowed SQL queries (with parameter placeholders). Signando Postgres parses and normalizes incoming queries and compares them against the whitelist. Only exact matches are forwarded to the database.
What about dynamic queries?
Signando Postgres supports parameterized queries. The query structure must match the whitelist, but parameter values can vary. This covers most application needs while maintaining security.
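The matching described in the two answers above can be sketched as follows. This is an added illustration, not Signando Postgres code: the tokenizer is a simplified stand-in for a real SQL parser, the names normalize, Allowlist and check are hypothetical, and it assumes parameter values travel as bind parameters separate from the query text.

```python
import re

# Simplified SQL tokenizer. Assumption: no dollar-quoted strings, E'' escapes
# or nested comments, which a real PostgreSQL parser must handle.
TOKEN = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)
  | (?P<string>'(?:[^']|'')*')
  | (?P<qident>"(?:[^"]|"")*")
  | (?P<param>\$\d+)
  | (?P<number>\d+(?:\.\d+)?)
  | (?P<word>[A-Za-z_][A-Za-z_0-9]*)
  | (?P<op><>|!=|<=|>=|\|\||::)
  | (?P<sym>\S)
""", re.VERBOSE | re.DOTALL)

def normalize(sql):
    """Canonical token tuple: comments and whitespace dropped, unquoted
    words lowercased, one trailing semicolon removed."""
    tokens = []
    for m in TOKEN.finditer(sql):
        if m.lastgroup == "comment":
            continue
        text = m.group()
        tokens.append(text.lower() if m.lastgroup == "word" else text)
    if tokens and tokens[-1] == ";":
        tokens.pop()
    return tuple(tokens)

class Allowlist:
    """Holds the normalized form of every approved query."""
    def __init__(self, approved):
        self._approved = {normalize(q) for q in approved}

    def permits(self, sql):
        # Exact match on the normalized structure; literals are NOT folded
        # into placeholders, so an inlined value is a different query.
        return normalize(sql) in self._approved

APPROVED = [  # constructed sample entries
    "SELECT id, email FROM users WHERE id = $1",
    "UPDATE users SET email = $1 WHERE id = $2",
]
ALLOWLIST = Allowlist(APPROVED)

def check(sql):
    return "forward" if ALLOWLIST.permits(sql) else "block"

if __name__ == "__main__":
    for q in ["select id,email\n  from USERS where id=$1;",
              "SELECT id, email FROM users WHERE id = 42",
              "SELECT id, email, password_hash FROM users WHERE id = $1"]:
        print(check(q), "|", " ".join(q.split()))
```

Differences in case, spacing and comments still match the approved entry, while an inlined literal or an extra selected column changes the token sequence and is blocked.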
How much latency does it add?
Typically less than 5ms per query. The Rust implementation is highly optimized with zero-copy parsing where possible. For most applications, this overhead is negligible.
Can it work with existing connection pools?
Yes. Signando Postgres speaks the standard PostgreSQL wire protocol. Your application connects to Signando Postgres instead of directly to the database. Connection poolers like PgBouncer can be used on either side.
What happens if a query is blocked?
The application receives a PostgreSQL error response with a configurable error message. The blocked query is logged to the audit log with full context for investigation.
How do I create the query whitelist?
You can start in learning mode, where Signando Postgres logs all queries without blocking. After reviewing the logs, you approve the legitimate queries to create your whitelist. The whitelist is defined in a YAML configuration file.