
Re: Superuser without pg_hba could drop database

From: Guillaume Lelarge <guillaume(at)lelarge(dot)info>
To: Mudy Situmorang <mudy(at)astasolusi(dot)com>
Cc: pgadmin-support(at)postgresql(dot)org
Subject: Re: Superuser without pg_hba could drop database
Date: 2010-07-29 07:29:20
Lists: pgadmin-support
On 29/07/2010 09:15, Mudy Situmorang wrote:
> psql runs only from the server, while pgAdmin (which is a standard
> installation in PostgreSQL for Windows) is easily installed on any client.

Wrong. psql can run from anywhere. "psql -h ip_of_the_server -U
my_superuser postgres" will connect to the server if the pg_hba.conf
allows me to. And I will be able to drop any database I want.

> In a network with several different projects & many databases that require
> dozens of superusers, pg_hba could provide the required access control.

pg_hba.conf only provides *access* control, not objects' rights control.

> In this bug, when one superuser password is compromised, then all databases can
> be dropped from any client using pgAdmin.

Sure. That's probably why you shouldn't have that many superusers.
Having one or two is understandable. Having more is, to say the least,
weird. Not sure that you know this, but a user can be owner of a
database without being a superuser. If you have a specific owner for
each database, the owners won't be able to drop other databases.
They will only have the right to drop their own.

> IMO this is a major security problem on pgAdmin software.

You mean with every PostgreSQL admin tool. You can do that with any of
them. Even psql. You can easily install psql on a PC and drop a database
if you are a superuser and have the right to connect on at least one
database. I think you misunderstand the use of the superuser. You
shouldn't have a lot of them.
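The per-database-owner setup described in the reply above, as an added example that is not part of the original thread or of pgAdmin/PostgreSQL's own documentation. The role names, database names, passwords and the pg_hba.conf line are assumptions chosen for illustration; the expected errors are quoted from the standard PostgreSQL server messages for these cases.

```sql
-- Added example (not from the thread). Run as a superuser once, on the server.
-- Role and database names are assumptions; replace the passwords.

-- One non-superuser owner per project instead of one superuser per project.
CREATE ROLE proj_a_owner LOGIN PASSWORD 'change-me-a';
CREATE ROLE proj_b_owner LOGIN PASSWORD 'change-me-b';

-- Each database gets exactly one owner; no CREATEDB or SUPERUSER needed.
CREATE DATABASE proj_a OWNER proj_a_owner;
CREATE DATABASE proj_b OWNER proj_b_owner;

-- Check: who is a superuser, and who owns what. The first query should list
-- only the one or two accounts you actually intend to be superusers.
SELECT rolname FROM pg_roles WHERE rolsuper;
SELECT d.datname, r.rolname AS owner
  FROM pg_database d
  JOIN pg_roles r ON r.oid = d.datdba
 WHERE NOT d.datistemplate;

-- Now connect as the project owner from any client, e.g.
--   psql -h ip_of_the_server -U proj_a_owner postgres
-- and try the two drops. DROP DATABASE must be issued from another
-- database (here "postgres"), never from the one being dropped.

DROP DATABASE proj_b;
-- ERROR:  must be owner of database proj_b
--   (proj_a_owner is neither owner nor superuser, so the drop is refused)

DROP DATABASE proj_a;
-- Succeeds: the owner may drop its own database, and only its own.

-- Contrast with pg_hba.conf, which decides only whether a connection is
-- accepted at all (assumed line, for a host-based config):
--   host    proj_a    proj_a_owner    10.0.0.0/24    md5
-- A superuser allowed by any such line, to any single database, can still
-- DROP DATABASE on every other database once connected; pg_hba.conf does not
-- change what the role may do after the connection is established.
```

The point of the check queries is that a drop is refused by the server, not by the client tool: pgAdmin, psql, or any driver gets the same "must be owner of database" error, so limiting the number of superusers and giving each database a dedicated owner is what actually contains a compromised password.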


