Re: Superuser without pg_hba could drop database

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Mudy Situmorang <mudy(at)astasolusi(dot)com>
Cc: Guillaume Lelarge <guillaume(at)lelarge(dot)info>, pgadmin-support(at)postgresql(dot)org
Subject: Re: Superuser without pg_hba could drop database
Date: 2010-07-29 08:20:17
Message-ID: AANLkTinz4QKb1JsyqVX=GS8W8n21FcyRwyQd1kC9t8YF@mail.gmail.com
Lists: pgadmin-support

On Thu, Jul 29, 2010 at 8:15 AM, Mudy Situmorang <mudy(at)astasolusi(dot)com> wrote:
> psql runs only from the server, while pgAdmin (which is a standard
> installation in PostgreSQL for Windows) is easily installed on any client.

Incorrect. psql, like pretty much any PostgreSQL client, can run on any
machine and connect to a remote server.

> In a network with several different projects & many databases that require
> dozens of superusers, pg_hba could provide the required access control.

No, that's not the way to set it up - a superuser can always drop a
database, regardless of pg_hba.conf. You should make roles database
owners rather than superusers to give them control of individual
databases only.

> In this bug, when one superuser password is compromised, then all databases can
> be dropped from any client using pgAdmin.
> IMO this is a major security problem on pgAdmin software.

Real security problems like this are *never* in the client
software, always in the server. If the security was implemented in
pgAdmin, then it would be trivial for an attacker to bypass by writing
their own client, or recompiling pgAdmin without the security check.

But, this is not a security issue as noted above...

--
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
The Enterprise Postgres Company
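
The setup recommended in the message above (database owners instead of superusers), as an added example that is not part of the original email or of pgAdmin or PostgreSQL project code. The role name `project_a_owner`, the database name `project_a_db` and the password are constructed placeholders.

```sql
-- Run once as an existing superuser.

-- 1. A login role that is NOT a superuser and cannot create other
--    databases or roles (names and password are placeholders).
CREATE ROLE project_a_owner
    LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE
    PASSWORD 'change-me';

-- 2. Give the role ownership of its own database. An owner can
--    drop this database, but not databases owned by other roles.
CREATE DATABASE project_a_db OWNER project_a_owner;

-- 3. By default every role may connect to a new database through
--    PUBLIC. Remove that so only the owner (and roles granted
--    CONNECT explicitly) can open a session on it.
REVOKE CONNECT ON DATABASE project_a_db FROM PUBLIC;

-- 4. Audit: which roles are still superusers? Each one listed here
--    can drop any database on the server if its password leaks.
SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 5. Audit: which databases are owned by a superuser and are
--    candidates for moving to a dedicated owner role?
SELECT d.datname,
       r.rolname  AS owner,
       r.rolsuper AS owner_is_superuser
FROM pg_database d
JOIN pg_roles r ON r.oid = d.datdba
WHERE NOT d.datistemplate
ORDER BY d.datname;

-- 6. Demote a role that does not need server-wide rights
--    (placeholder name; run per role found in step 4):
-- ALTER ROLE some_project_role NOSUPERUSER;
```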
