Re: create table permission

From: Heni Lolov <hal_bg(at)yahoo(dot)com>
To: pgsql-admin(at)postgresql(dot)org
Subject: Re: create table permission
Date: 2002-06-19 08:40:23
Message-ID: 20020619084023.35932.qmail@web21008.mail.yahoo.com
Lists: pgsql-admin

What about a cycle that does:
create table table1(....);
create table table2(....);
....................
create table tableN(....);

and another:
insert into table1 values(.....);
insert into table2 values(.....);
....................
insert into tablen values(.....);

And so on till out of disk space occurs.
This could be done by even the most restricted users that can access the
database.

Isn't it a huge and obvious security hole?

Hal

--- Rasmus Mohr <rmo(at)Netpointers(dot)com> wrote:
> What 'bout:
>
> REVOKE ALL ON "table_name" FROM PUBLIC;
> GRANT ALL ON "table_name" TO "postgres";
> GRANT SELECT ON "table_name" TO "select_user";
>
> ???
>
> --------------------------------------------------------------
> Rasmus T. Mohr Direct : +45 36 910 122
> Application Developer Mobile : +45 28 731 827
> Netpointers Intl. ApS Phone : +45 70 117 117
> Vestergade 18 B Fax : +45 70 115 115
> 1456 Copenhagen K Email : mailto:rmo(at)netpointers(dot)com
> Denmark Website : http://www.netpointers.com
>
> "Remember that there are no bugs, only undocumented features."
> --------------------------------------------------------------
>
> > -----Original Message-----
> > From: pgsql-admin-owner(at)postgresql(dot)org
> > [mailto:pgsql-admin-owner(at)postgresql(dot)org]On Behalf Of Heni Lolov
> > Sent: Wednesday, June 19, 2002 10:17 AM
> > To: pgsql-admin(at)postgresql(dot)org
> > Subject: Re: [ADMIN] create table permission
> >
> >
> > Hi,
> >
> > This is the most stupid thing in PostgreSQL, but there is no CREATE TABLE
> > privilege :(((((((
> > Everybody CAN create tables. Unfortunately it will not be implemented even in
> > Pg 7.3 according to the TODO list. The developers do not consider it an important
> > feature. In my opinion this is the most obvious security hole in PostgreSQL.
> > Really Stupid but FACT!!!!!
> >
> > HEY PEOPLE WILL YOU EVER FIX IT?
> >
> > Hal
> >
> > --- bertdd(at)lumumba(dot)luc(dot)ac(dot)be wrote:
> > > How can I give SELECT privileges to a table of a database without giving
> > > CREATE TABLE privileges to that database?
> > >
> > > Bert De Decker
> > >
> > >
> > > ---------------------------(end of broadcast)---------------------------
> > > TIP 6: Have you searched our list archives?
> > >
> > > http://archives.postgresql.org
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
> >
> >
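
One way to get what the original question asks for (SELECT on a table without the ability to create tables), as an added example that is not part of the thread. It assumes a PostgreSQL release that has schema-level privileges; `appdb` is a hypothetical database name, while `select_user` and `table_name` are the placeholders already used in the thread.

```sql
-- Added example, not from the thread. Assumes a PostgreSQL release with
-- schema-level privileges. "appdb" is a hypothetical database name;
-- "select_user" and "table_name" are the thread's own placeholders.

BEGIN;

-- 1. Stop ordinary roles from creating objects in the public schema.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 2. Drop the database-level defaults that PUBLIC holds (CONNECT, TEMPORARY),
--    then hand back only what the read-only role needs.
REVOKE ALL ON DATABASE appdb FROM PUBLIC;
GRANT CONNECT ON DATABASE appdb TO select_user;

-- 3. Read-only access to the one table.
GRANT USAGE ON SCHEMA public TO select_user;
REVOKE ALL ON table_name FROM PUBLIC;
GRANT SELECT ON table_name TO select_user;

COMMIT;

-- 4. Verify the effective rights of the role. The first column is the access
--    that was granted; the other three are what the lockdown is meant to deny.
SELECT
    has_table_privilege('select_user', 'table_name', 'SELECT')  AS can_select,
    has_schema_privilege('select_user', 'public', 'CREATE')     AS can_create_table,
    has_database_privilege('select_user', 'appdb', 'CREATE')    AS can_create_schema,
    has_database_privilege('select_user', 'appdb', 'TEMPORARY') AS can_create_temp;

-- 5. Audit: every non-superuser role that can still create objects in any
--    user schema, directly or through role membership.
SELECT n.nspname AS schema_name, r.rolname AS role_name
FROM pg_namespace AS n
CROSS JOIN pg_roles AS r
WHERE NOT r.rolsuper
  AND n.nspname !~ '^pg_'
  AND n.nspname <> 'information_schema'
  AND has_schema_privilege(r.oid, n.oid, 'CREATE')
ORDER BY schema_name, role_name;
```

The audit query in step 5 is worth re-running after each new schema or role is added, since a role that owns a schema or inherits from one that does will still show up there.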