On 21/02/2011 3:44 PM, Allan Kamau wrote:
Are there other problems we may expect. Can they run any OS programs or install any such tools, induce buffer overflows and so on.?
So long as your webapp user and database owner is a regular user (non-superuser) without CREATE ROLE or CREATE DATABASE rights, they should be pretty well sandboxed, though as you point out they can attempt to affect the rest of the system by running expensive queries.
If your webapp user is a superuser and the webapp gets cracked, you're screwed. Don't do it. Ever.
To be even safer, you should consider not even making your webapp user the database owner. Have a different user create the database, own it, and run the DDL to create and maintain its tables. Explicitly GRANT the webapp user the rights it requires on the tables, views and functions it uses, and no more. This may not be practical if your webapp likes to run its own generated DDL during upgrades (like Rails, Drupal, etc) or lacks any sort of documentation on what access rights it needs.
-- Craig Ringer Tech-related writing at http://soapyfrogs.blogspot.com/ -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
