All challenges
beginnersecuritynetworkingdatabases~9 min4 rounds

A Contractor Needs DB Access for a Week. Open the Port?

An external contractor needs a week of database access. A teammate wants to open the DB port to the internet with a strong password. Defend the safe alternatives.

the decision you defend

An external contractor needs read access to the production database for one week of analysis work. A teammate proposes opening the database port (5432) to the internet in the firewall and giving the contractor a strong password. What do you do, and why?

Sign in to startFree for everyone. Takes a few seconds.

the situation

Your company hired an external data contractor for a one-week analysis of order history. The contractor works remotely from their own laptop and asks how to connect to the production Postgres instance. The database lives on a private subnet behind a cloud firewall; today nothing outside the VPC can reach it.

context

There is an existing VPN used by employees and a small bastion host used for admin SSH, but the contractor has never been onboarded to either. It is Monday morning and the engagement is already billed. A teammate says: fastest path is to add a firewall rule opening 5432 to the internet and give them a really strong password, we will remove it on Friday.

How this challenge works

Take a position on the decision above and defend it. A senior-engineer AI will push back over up to 4 rounds. When you are done, you are scored against a verified rubric so you can see exactly what a complete answer covers - these are learning prompts, not gotchas.