SQL Injection Is Boring—Advanced Threats You’re Not Watching

Tuesday, April 21 at 10:25–11:10
Room: Berlin 2+3 Level: Intermediate

Everyone knows how to prevent basic SQL injection—but modern attackers have moved far beyond textbook exploits. In high-traffic PostgreSQL deployments, subtle misconfigurations and overlooked features can open doors to far more sophisticated attacks. This talk uncovers the next generation of database threats that rarely make it into security checklists.

We’ll examine:

* Privilege Escalation via Extensions and Foreign Data Wrappers – how seemingly harmless extensions or FDWs can leak credentials or access external systems.
* Timing and Side-Channel Attacks – extracting secrets by measuring query latency and caching behavior.
* Abusing Logical Replication and LISTEN/NOTIFY – stealthy data exfiltration channels hidden in plain sight.
* Role Inheritance & Row-Level Security Pitfalls – ways attackers exploit complex permission hierarchies.

Join Us For PostgreSQL Conference Germany 2026

April 21–22 2026

Haus der Technik, Essen, Germany