Search Postgresql Archives

Re: strange permission error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mr Dash Four <mr.dash.four@xxxxxxxxxxxxxx> writes:
>> if you broke the permissions on the pg_catalog so badly that the SQL 
>> planner can't look up the data types of the fields of your own tables, 
>> well, thats just wrong.

> What's the alternative?

Perhaps more careful thought about your threat model?

> I am not willing to let an arbitrary program 
> using connection credentials, which have the ability to read my entire 
> system catalogue. What happens if that connection is hijacked by an 
> attacker?

1. Use SSL connections, with appropriate certificate verification at
both ends.

2. If somebody manages to hijack your connection, you have much worse
problems than whether they can read your system catalogs.  They can at
least copy, and probably modify, your user data.  The catalogs are
unlikely to contain anything that's very interesting to an attacker
who knows enough about your operations to hijack a connection in the
first place.

			regards, tom lane


-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux