| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Francesco Casadei <f_casadei(at)libero(dot)it> |
| Cc: | Ken Causey <ken(at)ineffable(dot)com>, Ian Harding <ianh(at)co(dot)pierce(dot)wa(dot)us>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PostgreSQL security concerns |
| Date: | 2001-06-04 13:51:24 |
| Message-ID: | 200106041351.f54DpO208902@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> The only problem I have is with createdb and dropdb. I only have two users:
> pgsql and funland (created with CREATEDB option). The relevant lines of
> pg_hba.conf are:
>
> # TYPE DATABASE IP_ADDRESS MASK AUTHTYPE MAP
> local template0 trust
> local template1 trust
> local funland password funland.pwd
>
> psql prompts for a password when pgsql and funland connect to database funland
> (as expected).
> But anyone can create or destroy the database WITHOUT supplying a password. For
> example casimiro is a UNIX user not registered in PostgreSQL. I can do:
>
> casimiro(at)goku(dot)kasby> createdb -U funland funland
> CREATE DATABASE
>
> casimiro(at)goku(dot)kasby> dropdb -U funland funland
> DROP DATABASE
>
> I can use -W to force a password prompt, but a malicious user will not!!
createdb/dropdb are actually controlled by template0/1, not the database
itself.
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 853-3000
+ If your life is a hard drive, | 830 Blythe Avenue
+ Christ can be your backup. | Drexel Hill, Pennsylvania 19026
| From | Date | Subject | |
|---|---|---|---|
| Next Message | will trillich | 2001-06-04 14:04:52 | Re: datestyle |
| Previous Message | Brent R. Matzelle | 2001-06-04 13:45:16 | CHAR vs VARCHAR w/TOAST |