> To put it another way, keeping the two sets of names distinct is incrementally more complex to manage. Which might be worth it if there really is any gain. Is this a "best practice," or is it really a manifestation of its closely-related cousin, the "silly practice?" :)
From a security perspective, any application compromise (say, a bug in an SQL driver/lib) will therefore only affect the databases that user can access, and not all the databases the OS user can access (which could be many!).
It's ultimately up to your use case. I generate my auth maps using CM tools (i.e. Ansible) so the management overhead is minimal. My web applications all run as the "deploy" (OS) user, but each have separate DB users ("baltar", "caprica", "leoben", etc.) and those DB users only have access on the DBs they need to.
From a security perspective, any application compromise (say, a bug in an SQL driver/lib) will therefore only affect the databases that user can access, and not all the databases the OS user can access (which could be many!).
On Tue, Aug 19, 2014 at 9:51 AM, John R Pierce <pierce@xxxxxxxxxxxx> wrote:
On 8/18/2014 6:45 PM, Ken Tanzer wrote:what I read on that vunerability, it was talking about dbuser == dbname, not os user. and frankly, I didn't get their rationale for that.
Thanks. I'm not really worried about this particular vulnerability, just wondering about the more general idea that having db user name = os user could reduce your security, even if only slightly. Is it just as conceivable that a vulnerability could come along that was more exploitable only if the two names were _different_?
--
john r pierce 37N 122W
somewhere on the middle of the left coast
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
