Search Postgresql Archives

Re: [OT] Help: stories of database security and privacy

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2017-04-12 09:09, Lifepillar wrote:
Hi folks,
in a few weeks I will start a short course on the basics of database
security for a group of high-school students with a background in
elementary relational theory and SQL. I plan to discuss the usage of
grant/revoke, RBAC, DAC, and inference in statistical databases.

I'd like to take the opportunity to also engage students about the topic
of privacy (or lack thereof). So, I am here to ask if you have
interesting/(in)famous stories to share on database security/privacy
"gone wrong" or "done right"(tm), possibly with technical details (not
necessarily to share with the students, but for me to understand the
problems). I am asking to this list because I will use PostgreSQL, so
maybe I can collect ideas that I can implement or demonstrate in
practice, or use as case studies.

Thanks in advance,
Life.

One case that I remember from an ancient version of the book "hacking exposed" was about a MySQL server that was running under the root user. A badly written application allowed some SQL injection that let a hacker issue a SELECT INTO OUTFILE query that "selected" a bash script into the .login file of the root user, and the next time the root user logged in, the script would create a new superuser account
for the hacker.

I remember this particular example mainly because of the way that people I told it to reacted; some were of the opinion that the application was at fault for allowing injection,
some thought the DBA was to blame for running as root,
but the vast majority did not know that MySQL could write files, let alone overwrite system files.

Their responses really made it clear that hackers generally know a lot more about how a setup works than it's maintainer does. Just because you cannot think of a way that a right can be exploited

Ever since then I live by the motto; "If it's not absolutely required to be possible,
then it should be made absolutely impossible.".


As for privacy, the same applies; if a website doesn't have to print the real lastname of a user, then the JSON API should not send that to the client. In fact, the API should refuse to send it, even when asked, unless the user who's asking has rights to do so. Again; denied unless specifically allowed.


--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]

  Powered by Linux