secrutiry update

database/postgresql.conf

@@ -0,0 +1,53 @@
+# PostgreSQL Configuration for CatLink Production
+# Security-hardened configuration
+
+# Connection Settings
+listen_addresses = '*'
+port = 5432
+max_connections = 100
+shared_buffers = 256MB
+
+# Security Settings
+ssl = on
+ssl_min_protocol_version = 'TLSv1.3'
+ssl_prefer_server_ciphers = on
+password_encryption = scram-sha-256
+
+# Logging for Security Monitoring
+logging_collector = on
+log_destination = 'stderr'
+log_directory = 'pg_log'
+log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'
+log_rotation_age = 1d
+log_rotation_size = 100MB
+
+# Connection Logging
+log_connections = on
+log_disconnections = on
+log_duration = on
+log_statement = 'mod'
+log_line_prefix = '%m [%p] %u@%d %h %c '
+
+# Security Logging
+log_checkpoints = on
+log_lock_waits = on
+log_temp_files = 0
+
+# Performance Settings
+effective_cache_size = 1GB
+maintenance_work_mem = 64MB
+checkpoint_completion_target = 0.7
+wal_buffers = 16MB
+default_statistics_target = 100
+
+# WAL Settings
+wal_level = replica
+archive_mode = off
+max_wal_senders = 0
+
+# Locale Settings
+lc_messages = 'en_US.utf8'
+lc_monetary = 'en_US.utf8'
+lc_numeric = 'en_US.utf8'
+lc_time = 'en_US.utf8'
+default_text_search_config = 'pg_catalog.english'