Search Postgresql Archives

Re: Worst case scenario of a compromised non super-user PostgreSQL user account

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 21/02/2011 3:44 PM, Allan Kamau wrote:

Are there other problems we may expect. Can they run any OS programs
or install any such tools, induce buffer overflows and so on.?

So long as your webapp user and database owner is a regular user (non-superuser) without CREATE ROLE or CREATE DATABASE rights, they should be pretty well sandboxed, though as you point out they can attempt to affect the rest of the system by running expensive queries.

If your webapp user is a superuser and the webapp gets cracked, you're screwed. Don't do it. Ever.

To be even safer, you should consider not even making your webapp user the database owner. Have a different user create the database, own it, and run the DDL to create and maintain its tables. Explicitly GRANT the webapp user the rights it requires on the tables, views and functions it uses, and no more. This may not be practical if your webapp likes to run its own generated DDL during upgrades (like Rails, Drupal, etc) or lacks any sort of documentation on what access rights it needs.

--
Craig Ringer

Tech-related writing at http://soapyfrogs.blogspot.com/

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux