Skip site navigation (1) Skip section navigation (2)

Re: Security Implications

From: Andrew McMillan <andrew(at)catalyst(dot)net(dot)nz>
To: eric soroos <eric-psql(at)soroos(dot)net>
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: Security Implications
Date: 2002-08-24 12:18:24
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-novice
On Sat, 2002-08-24 at 04:46, eric soroos wrote:
> Say I have a web app that is connecting to a database as an unprivleged user. 
> This database contains one client's data (all of it, and only that client's data). Also assume that the client is reasonably clueful and wants to do data mining above and beyond what I present through a web interface.
> What damage could they do if given the ability to type in sql queries and execute them?
> Obviously they could hose their own data.  They could also do expensive joins. 
> Can they connect to another database?

Yes, but they can be required to enter passwords to do so.

> Can they interact at all with the file system?

There are some commands that can affect the filesystem, but in general
it isn't possible.  The filesystem can only be affected as the user that
runs the postmaster, and this is not root in any sensible installation.

I would not trust a person with SQL command line, if I wasn't able to
trust them in general as the dba user logged locally into the box.

Andrew @ Catalyst .Net.NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB:        PHYS: Level 2, 150-154 Willis St
DDI: +64(4)916-7201    MOB: +64(21)635-694    OFFICE: +64(4)499-2267
           Survey for free with 

In response to

pgsql-novice by date

Next:From: Aurangzeb M. AghaDate: 2002-08-25 20:39:13
Subject: comments in load scripts
Previous:From: eric soroosDate: 2002-08-23 16:46:26
Subject: Security Implications

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group