Re: PCI:SSF - Safe SQL Query & operators filter

> On Nov 7, 2022, at 17:24, Jan Bilek <jan.bilek@xxxxxxxxxxxxx> wrote:
> Would there be any way to go around this?

The typical configuration is to not permit the PostgreSQL superuser to log in remotely.  The database can be managed by a different, non-superuser role, including schema migrations.

> CREATE OR REPLACE LANGUAGE plpython3u; 
> HINT:  Must be superuser to create this extension.

The reason only a superuser can create this extension is the "u" at the end of the name: It is an untrusted PL that can bypass PostgreSQL's role system.  If anyone could create functions in it, anyone could bypass roles.
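
The setup described in this reply, as an added example (not part of the original message): a non-superuser role that owns the application schema and runs migrations, followed by catalog queries that check for superuser roles able to log in, untrusted languages, and pg_hba.conf rules that admit a superuser over TCP. The names app_owner, app and postgres are assumptions; pg_hba_file_rules needs PostgreSQL 10 or later and is readable only by superusers by default.

```sql
-- Added example. Role and schema names (app_owner, app) are hypothetical.

-- 1. Non-superuser role for day-to-day management and schema migrations.
--    Set its password out of band (for example \password app_owner in psql).
CREATE ROLE app_owner LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;
CREATE SCHEMA app AUTHORIZATION app_owner;

-- 2. Superuser roles that are allowed to log in at all.
SELECT rolname
FROM pg_roles
WHERE rolsuper AND rolcanlogin;

-- 3. Installed procedural languages. lanpltrusted = false marks an
--    untrusted PL such as plpython3u.
SELECT lanname, lanpltrusted
FROM pg_language
WHERE lanispl;

-- 4. Existing functions written in an untrusted PL, with their owners.
SELECT n.nspname  AS schema,
       p.proname  AS function,
       l.lanname  AS language,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc p
JOIN pg_language  l ON l.oid = p.prolang
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE l.lanispl AND NOT l.lanpltrusted;

-- 5. pg_hba.conf rules that accept a TCP connection from a non-loopback
--    address for "all" users or for the superuser by name.
--    Assumption: the superuser role is called postgres. Entries such as
--    +group or @file in user_name are not expanded by this query.
SELECT line_number, type, database, user_name, address, auth_method
FROM pg_hba_file_rules
WHERE type LIKE 'host%'
  AND auth_method <> 'reject'
  AND address NOT IN ('127.0.0.1', '::1')
  AND user_name && ARRAY['all', 'postgres'];
```

Rows returned by query 5 are candidates only: pg_hba.conf uses the first matching rule, so an earlier reject line for the same user and address range takes precedence.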




