From: | Mudy Situmorang <mudy(at)astasolusi(dot)com> |
---|---|
To: | Guillaume Lelarge <guillaume(at)lelarge(dot)info> |
Cc: | pgadmin-support(at)postgresql(dot)org |
Subject: | Re: Superuser without pg_hba could drop database |
Date: | 2010-07-29 07:59:26 |
Message-ID: | AANLkTi=kshpoALrnZY3O70HhXCFvCyiP-yc=31Ys2o3a@mail.gmail.com |
Lists: | pgadmin-support |
OK, thanks for the answer.
2010/7/29 Guillaume Lelarge <guillaume(at)lelarge(dot)info>
> Le 29/07/2010 09:15, Mudy Situmorang a écrit :
> > psql runs only from the server, while pgAdmin (which is a standard
> > installation in PostgreSQL for Windows) is easily installed on any client.
> >
>
> Wrong. psql can run from anywhere. "psql -h ip_of_the_server -U
> my_superuser postgres" will connect to the server if the pg_hba.conf
> allows me to. And I will be able to drop any database I want.
>
> > In a network with several different projects & many databases that
> > require dozens of superusers, pg_hba could provide the required access control.
> >
>
> pg_hba.conf only provides *access* control, not objects' rights control.
>
> > In this bug, when one superuser password is compromised, then all databases
> > can be dropped from any client using pgAdmin.
> >
>
> Sure. That's probably why you shouldn't have that many superusers.
> Having one or two is understandable. Having more is, to say the least,
> weird. Not sure that you know this, but a user can be owner of a
> database without being a superuser. If you have a specific owner for
> each of the database, the owners won't be able to drop other databases.
> They will only have the right to drop their own.
>
> > IMO this is a major security problem on pgAdmin software.
> >
>
> You mean with every PostgreSQL admin tool. You can do that with any of
> them. Even psql. You can easily install psql on a PC and drop a database
> if you are a superuser and have the right to connect on at least one
> database. I think you misunderstand the use of the superuser. You
> shouldn't have a lot of them.
>
>
> --
> Guillaume
> http://www.postgresql.fr
> http://dalibo.com
>
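The ownership model Guillaume describes above, as an added SQL example that is not part of the thread: instead of handing every project a superuser, each database gets its own non-superuser owner, who can drop only that database. Role names, database names and the password are assumptions chosen for illustration.

```sql
-- Added example, not from the original thread. Role/database names and the
-- placeholder password are assumptions. Run the setup part as a superuser.
CREATE ROLE proj_a_owner LOGIN PASSWORD 'change-me';
CREATE ROLE proj_b_owner LOGIN PASSWORD 'change-me';
CREATE DATABASE proj_a OWNER proj_a_owner;
CREATE DATABASE proj_b OWNER proj_b_owner;

-- Check that neither owner is a superuser (rolsuper should be false for both).
SELECT rolname, rolsuper, rolcreatedb
  FROM pg_roles
 WHERE rolname IN ('proj_a_owner', 'proj_b_owner');

-- Now connected as proj_a_owner from any client
-- (e.g. psql -h ip_of_the_server -U proj_a_owner postgres):
DROP DATABASE proj_b;   -- ERROR:  must be owner of database proj_b
DROP DATABASE proj_a;   -- allowed: proj_a_owner owns it
                        -- (must be issued from a different database than proj_a)

-- Periodic audit: list every superuser; the thread's advice is one or two, not dozens.
SELECT rolname FROM pg_roles WHERE rolsuper;
```

pg_hba.conf still decides which hosts and users may connect at all, but as the reply says it does not grant or limit rights on objects; once a superuser is through pg_hba, any client (pgAdmin, psql, or anything else speaking the protocol) can drop any database. Ownership is what confines the blast radius of one leaked password.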