From: | Heiko Schroeder <heikos(at)foni(dot)net> |
---|---|
To: | pgsql-novice(at)postgresql(dot)org |
Subject: | Heavy security bug in 7.2.2-16? |
Date: | 2002-12-27 02:27:21 |
Message-ID: | 200212270327.21106.heikos@foni.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-novice |
Dear list,
as far as I have made my experiences in version 7.2.2-16 (SuSE Linux 8.1) it
is possible for *every* user which is able to create a database and/or is
able to create new users to delete a database from every other user. I did
not find any hints in the FAQ or archives.
Especially when the superuser postmaster creates a database, e.g. test, a
normal user although he is *not* the owner, if it is not denied that he can
create new databases AND that he can create new users, can delete the
database even if there are restrictions made on a table within the database
by the owner (GRANT).
I cannot find the mistake I have made, since in an older version this problem
did not occur. Thanks a lot.
Heiko
--
Heiko Schroeder
Ahrensburg, Germany
http://home.foni.net/~heikos
From | Date | Subject | |
---|---|---|---|
Next Message | K Ramakrishna | 2002-12-27 04:05:08 | download postgresql for windows |
Previous Message | Reshat Sabiq | 2002-12-25 12:07:45 | Re: Moving a database-sos |